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(57) Abstract: The invention concerns y a method 
and a system for authentication of a commission 
from a customer (41> to a service provider (42), ? 
-according— to which a set of randomly generated 
code words has been stored in a memory circuit 
associated with a mobile-telephone subscription in a 
mobile telephone (10) as well as in a database - (21) 
together with an association to said mobile-telephone 
subscription. The method comprises the steps of 
determining the identity (43) of the customer, of 
identifying the mobile-telephone subscription on the 
basis of the identity of the customer, of retrieving 
a code word (46) from the memory circuit, and of 
checking the presence of said code word in the code 
word set in the database (21) that is associated with 
^said mobile-telephone subscription, in order to thus 
authenticate the commission. 
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METHOD AND SYSTEM FOR AUTHENTICATION OF A SERVICE REQUEST 



Technical Field 

The present invention concerns a method and a system 
for authentication of a request from a customer to a 
5 service provider. 

Technical Background 

A constantly recurring problem on the market in the 
case of purchases for which credit cards or bankcards are 

10 used is to establish the identity of the card user. 

Usually, each card has a specific code, for instance a 
four-digit number code, which in some stores. may be 
inputted in a terminal in conjunction with the purchase. 
However, this is not a particularly attractive solution 

15 for an individual possessing a dozen cards, each having 

its specific code. Restaurants, for example, often employ 
the. method of requesting the customer to sign a slip in 
confirmation of the transaction, and the signature serves 
as a post -check, should any doubt arise about the 

20 payment. This means that only long after the event will 
the cardholder notice if an unauthorized individual has 
utilized his card without his knowing. It might even 
happen that the personnel of the restaurant fraudulently 
charge the card with several transactions during the 

25 period when they alone have access to the card. It is 

often sufficient that a dishonest person gets hold of the 
number of the card to enable him to use the card on a 
. later occasion. 

According to prior-art technology intended for 

30 situations wherein a customer has recurrent contacts with 
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e.g. a bank, the customer is equipped with a list of 
codes hidden by a rub-off film. The bank has access to 
the same list, which may be stored e.g. in the bank 
computer system. Each time the customer requests a 
5 transaction, for instance by telephone, he exposes one of 
the code number by rubbing off the film and then 
discloses the exposed number to the bank. The number is 
compared against the list in the bank, and a match 
ensures that the customer is the person he claims to be, 
10 or at least is in possession of the rub-off list in 
question. 

According to prior-art systems devised to provide 
secure transactions for instance on the Internet, the 
user must have access to a small electronic device at the 
.15 time of the transaction. Codes are exchanged between the 
computer and the electronic device in order to ensure 
that the user actually has access to the electronic 
device. This technology is employed above all in 
conjunction with banking services on the Internet when a 
20 customer uses the service comparatively often. 

The solution involving the individual -related 
electronic device does, however produce two problems: 
In the first place, it is possible for a skilful 
expert to copy the electronics, for example the ROM 
25 memory, of an electronic device to which he has access 
albeit briefly. The electronic device may then be 
returned to the owner who suspects no mischief. From then 
on, there is no possibility for the computer system to 
ascertain whether a request is made by the owner or the 
30 dishonest person. v 

In the second place, an electronic device is 
specific to each service provider, which means that a 
user of several services must carry with him several 
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electronic devices. Consequently, there is a risk that he 
has forgotten the electronic device that is required for 
the occasion. In addition, it reduces che user , s 
to keep an eve on all electronic devices, and a dishonest 
S person can easily use a stolen device or copy a 

"borrowed- device before the user has had time to miss 

r 

When credit cards are used for payment over the 
Internet, generally only the number of the credit card 
serves as the authenticity check. It is possible to 
encrypt the credit card number, but i£ che encrypting 
code is cracked, a dishonest person could use the card 
comparatively freely until the time when the user 
receives a bill, usually at the end of a month 
Electronic devices of the kind described above could of 
course be used to increase security, but the problems 
related to copying of the electronics of the device and 
the need for several devices do, of course remain 

Some providers of services offer systems on the 
internet, according to which a person must first registe- 
as a customer and only then is he allowed to make 
purchases using his credit card. Like the system 
involving the electronic devices, these systems suffer 
from the disadvantage that they are specific to each 
service provider, making the user's life very complicated 
as he has to have contact with several service providers 
Other common services for which authentication of a 
user's authorization is needed are for logging in into 
computer systems and admittance into security-classified 
premises. These system are based almost exclusively on 

the presentation of a uspt rn „ • 

user ID an conjunction with a code 

or a password, which in some systems are changed 
according to predetermined routines, or on security pass 
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cards and an associated code. Generally speaking, the 
fact is that in our society a multitude of codes exists 
which it is difficult for the individual to remember. He 
might therefore be tempted to write down the codes 
5 somewhere, which reduces security. 

The combination of disclosure of a code and an 
electronic device, which has to be physically available, 
improves security but at the cost of requiring several 
devices. Consequently, this technology hardly presents a 
10 universal solution to the problems outlined above. 

There is therefore a need for a uniform system that 
might be used with several types of service requests and 
that allows the authenticity of the customer or user to 
be verified in a simple manner. 

% Definitions 

In the following description, a number of 
expressions will occur, which are defined as follows. 

By the expression "commission" is to be understood 
20 generally a service that a person wishes to be rendered 
by a provider. For example, a commission could be a 
financial transaction delivered by a bank or similar 
establishment, but a commission could equally well be a 
request for admission into a building or for log- in into 
25 a computer system. To order such a commission is referred 
to as a "service request". 

By the expression "service provider" is to be 
understood both the company carrying out the commission 
(such as a bank, a credit card company or a security 
30 company) and the equipment used to implement the 

commission (such as a door lock, an automatic teller 
machine or a computer system in log-in situations) . 
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The "customer" is the individual requesting the 
commission from the service provider, and in the 
following description, the customer and the service 
provider are also users of the method and the system in 
5 accordance with the invention. 

. By the expression "database" is to be understood the 
dafca-storage memory unit as well asr the software 
processing volumes of data and executing operations for 
instance for the purpose of comparing volumes of data. 
10 By "mobile telephone" is to be understood herein a 

portable telephone, such as a cellular telephone (e.g. 
GSM) or the like. The expression naturally includes any 
portable telephones that may be developed in the future. 

15 Purpose of the Tnyention 

* A first purpose of the present invention is to solve 
the problems outlined above and to make it possible to 
satisfactorily authenticate a customer requesting a 
service . 

A second purpose of the invention is to make it 
possible to authenticate a customer requesting a service, 
by means of a universal method that may be made use of by 
several service providers without the provider requiring 
specific equipment. 
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Summary o f the Invention 

These purposes are obtained in accordance with the 
teachings of the invention by means of a method and a 
system defined in the independent claims 1, 13, and 14. 

Thus, in accordance with the invention two identical 
code word sets are provided for each customer, one set 
being stored in a memory circuit in a mobile telephone 
and the other one being stored in a database. 
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Authentication is performed by identification of the 
mobile-telephone subscription, extraction of a code word 
from the memory circuit, and the code word is checked 
against that code word set in the database that is 
5 directly or indirectly associated with the mobile- 
telephone subscription. The relative order of the above 
operational steps could, of course, be different; for 
example, the code word could be extracted from the memory 
circuit prior to identification of the mobile -telephone 

10 subscription . 

One advantage of the method and system according to 
the invention compared with prior-art technology is that 
the code words are of a use-once-only character combined 
with the fact that no predictable algorithm is used to 

15 derive the next code word. To gain knowledge of the code 
words in a set requires that the memory circuit of the 
mobile telephone be actually physically stolen or else 
- copied electronically. 

In addition, the method and the system according to 

20 the invention may be used by an unlimited number of 

service providers. The only condition required of the 
service provider is possession of equipment by means of 
which he is able to establish connection with the 
database and transfer the code word and the identity, and 

25 to receive the results of the authentication. In 
addition, this means that by blocking his mobile- 
telephone subscription in the database, the user may 
easily block all services that make use of the system. 
One alternative is that the service provider himself owns 

30 the database or a subset thereof. 

An additional advantage is that . the system may be 
used completely in parallel with and independently of 
existing security systems. Thus, each service provider 
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may choose on his own whether he wishes to join the 
system and thereby improve the security of his existing 
system. 

Preferably, the code word is retrieved from the 
5 memory circuit in a predetermined order , which improves 
the security of the authentication further. Not only is a 
ch4ck made to establish whether or not the code word is 
included in the code word set that is associated with the 
stated identity, but also a check is made as to whether 

10 the code word is the correct one within the set. 

In the memory circuit, it is possible to indicate 
when a code word has been used, and a similar indication 
may be made in the database. This possibility ensures 
that the memory circuit and the database agree as to from 

15 where in the predetermined sequence that the next code 

word is to be extracted. Consequently, the memory circuit 
and the database are prevented from getting M out of 
phase". This system may be equalled to the situation, 
wherein the customer carries on him a list of code words 

20 that are hidden by a rub-off coating. To use a code word, 
the customer needs to expose it by rubbing off the coated 
and the service provider exposes the corresponding hidden 
code word from his list in the same manner and compares 
the two. In order for the customer to be accepted, the 

25 correct list must be used, and in addition, the correct 
code word on the list. 

One consequence of this procedure is that a 
dishonest individual, who has secretly gained access to a 
person's code word set, for example by having copied the 

3 0 memory circuit by electronic means, will only be able to 
use the memory circuit, if the person has not already 
made a request and in conjunction therewith used the next 
code word. Should- the dishonest individual actually 
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succeed in accomplishing a request, the fraudulent action 
will be revealed when next the person is to make a 
request, since the code word he then indicates will not 
be accepted. The mobile subscription will then be 
5 blocked, and the damage is minimised. This should be 
compared with the situation according to prior-art 
technology, when a security device, copied secretly, may 
be used by a dishonest individual until the owner 
receives an irregular account statement or similar 

10 information. 

The step of identifying the mobile- telephone 
subscription preferably includes the steps of determining 
the identity of the customer, and based on the identity 
of the customer, identifying the mobile -telephone 
;15 subscription. The identity of the customer may consist of 
suitable data, such as the personal identification 
number, a credit card number or a mobile- telephone 
number. The concept "identity" in this case actually only 
indicates the existence of a direct connection to an 

20- individual, and the data representing the identity might 
be exchangeable. For instance, the identity data from the 
customer to the service provider could be supplied in the 
form of e.g. the number of a bank card or a security pass 
card together with the associated code, or a user ID 

25 together with an associated code, and from the service 
provider to the database in the form of a mobile - 
telephone number or a predetermined ID number. However, 
the database must be able to associate the received 
identity data with a predetermined code word set, 

30 normally via the mobile- telephone number, in order thus 
to be able to check that the given code word has been 
retrieved from the correct memory circuit. 
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In accordance with a preferred embodiment, a request 
is sent to the customer to state a code word. The 
customer thus can request a service in a conventional 
manner, whereupon the' service provider, as an additional 
5 security measure, demands a code word, which the customer 
retrieves from the mobile telephone. Preferably, the 
sej/vice provider in this case is in possession of 
information regarding which ones of its customers are 
connected to the system in accordance with the invention, 
10 and as the case may be, sends an inquiry to the database. 
The database thereafter requests that the customer state 
a code word. 

The request may be forwarded to the mobile telephone 
via the telecommunication network, and the code word may 

15 be transferred from the mobile telephone to the database 
via the telecommunication network. Preferably, the 
customer gives his acceptance of transmission of the code 
word by pressing suitable keys on the mobile- telephone 
keypad. Because in this manner two separate communication 

20 routes are made use of, on the one hand a route between 
the service provider and the database and on the other 
between the database and the mobile telephone, security 
is improved additionally. A dishonest individual, who has 
caught and distorted information along the first 

25 communication route, has no possibility of predicting 

which mobile-telephone subscription or base station will 
be used as the next step of the authentication process. 

A request forwarded to the mobile telephone, for 
example in the form of an SMS message or the like, may 

30 contain information on the transaction. This may be 

advantageous, for example in a situation when the card 
has been swiped through the card reader and has been 
accepted by the card company, but when the transaction 
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amount has not yet been established. When the entire 
authentication process has been concluded, a dishonest 
individual could then state an erroneous amount, thus 
charging the account of the customer with too high an 
5 amount. By means of an SMS message as indicated above the 
fraud would be detected by the customer , % who thus is 
informed of the fraudulent request to his mobile 
telephone and then is able to deny acceptance of the 
transaction. 

10 The fact that the mobile telephone is contacted 

directly gives the user a possibility of detecting a 
fraudulent action as it is being perpetrated. He can then 
block the mobile-telephone subscription immediately, or 
block the card or the service exposed to the fraud. Let 
;15 us assume that someone has stolen or copied a person f s 
credit card and in addition has succeeded in obtaining 
the next code in that person's memory circuit. When the 
card is being used and a transaction is accepted by the 
database, a message is sent to the person's mobile 

20 telephone, whereupon the person is apprised of the fact 

that someone has used one of the code words in the memory 
circuit. Another possibility is to delay the request for 
a code word to the customer for a predetermined length of 
time, or to make use of two confirmations, spaced apart 

25 in time. This procedure would prevent a dishonest 

individual from using a mobile telephone, which is later 
returned to the owner, without the owner being aware 
thereof. The length of the delay may be adapted to ensure 
that the owner of the mobile telephone will have time to 

30 miss it and block it before a code-word request is sent 
to the mobile telephone and the order thus confirmed. 

At the same time, this method permits a customer to 
allow a third person to use the customer's card for a 
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particular service, for example to buy some merchandise 
x/r P ective of Ms whereabouts, the customer is formed 
ofthe Purchase on his mobiie telephone, and maxes the 
£inal confirmation via his mobile telephone. 

Particularly in the case of service revests via the 
Xnternet. it is advantageous that a reque.st from the 

• j _ c ,->,- cprvice is made directly 
rf*tkbase or the provider of the service 
I' he mobile telephone, since all Xnternet-transferred 
information is accessible to others to a larger «^ 
10 smaller extent. An SMS message made to the customer s 
clphone therefore is an excellent acknowledgement of 
the correctness of the transaction. 

In accordance with another embodiment of 

• -he identity of the customer and the code word 
invention the identity u 
1S retrieved from the memory circuit are transferred to 
Service provider, the mobUe-telephone subscription 
service y . , Hfipd bv the service 

associated with the customer is identified by 
provider, and the identities of the code word nd the 
Lhile-telephone subscription are transferred to the 
moblle-telepno met hod allows the 

20 database by the service provider. This met 

transfer, directly in conjunction with the 
customer to transfer, 

request, his identity as well as a code 
service provider. The identification of the mobile- 
rJIphone subscription is then effected either by the 
25 service provider or by the database. 

in accordance with a further embodiment of the 
inv J tion asecond code word is retrieved from the memory 
circuit and transferred to the database in order to 
additionally verify the authenticity of the reque . The 
30 code words of the set may be associated with one another 
in groups comprising different numbers of code words, to 
ba used for different types of service requests of 
different security levels. 
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The first code word may be transferred from the 
customer to the database, perhaps via the service 
provider, whereupon the database issues a request to the 
customer to state a second code word, and finally, the 
5 second code word is transferred from the customer to the 
database. The request to the customer may be effected in 
th£ same way as in the case of the request described 
above. One possibility thus is that the customer receives 
two successive requests to the mobile telephone to 

10 transfer a code word. Another possibility is that the 

customer first states a code word directly in conjunction 
with making his request and thereafter is asked to state 
an additional code word. Obviously, several other 
possibilities exist, and in particular the PIN code of 
• '115 the mobile telephone may be made use of as one means of 
increasing authentication security. 

According to one embodiment of the invention, also 
position data associated with the mobile -telephone 
subscription are stored in the database. In the 

20 authentication process, the memory circuit is located, 
and the position data received may be compared with the 
position data stored in the database. This method may be 
used to geographically restrict the area within which the 
customer can effect certain types of service requests. 

25 For example, purchases above a certain amount may be 
limited to a few, predetermined locations, which 
increases security further. This geographic check can 
also be applied for logging- in into a computer system, 
which perhaps is allowed only from the work premises or 

30 from home. Alternatively, position data in the database 
could be an IP address, allowing log-in processes or 
Internet transactions to be restricted to a specific 
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computer unit, without such information being available 
to the service provider or anywhere on the Internet. 

Brief Descriptio n of the Drawings 
5 The present invention will be described in more 

detail in the following with reference to the 
accompanying drawings, which for exemplifying purposes 
show preferred embodiments of the invention. In the 
drawings : 

10 Figs la-b show two code word sets in accordance with 

the invention, 

Fig 2 shows a mobile telephone in accordance with 

the invention, 

Fig 3 shows a database in accordance with the 

15 invention, 

Fig 4 shows the manner of retrieval and storage of 

the code-word sets of Fig 1, 

Figs 5a-e show five different preferred embodiments 
of the method according to the invention, and 
20 Fig 6 illustrates the method in accordance with the 

invention in a more detailed view. 

Description of Pr eferred Embodiments 
Figs la-b show two examples of a code word set 1 
25 consisting of a plurality of codes 2 in the form of four- 
digit or six-digit number combinations. These number 
combinations are extracted at random and have no 
deducible relationship, neither as to their composition 
nor as to their sequence- The codes may be arranged in 
3 0 groups 3 containing two or several codes 2 in each group. 

Since each code in itself is entirely independent of 
the others, there is nothing to prevent one combination 
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of numbers to appear several times in the same set, or 
even within the same group. 

The code-word set 1 is associated with an identity 
4, which is directly or indirectly connected with a 
5 mobile -telephone subscription. In the shown example, the 
identity consists of a mobile -telephone number 5. 



11, a display 12, and a receiver/transmitter 13, The 
10 mobile telephone also has a memory circuit 15, for 

example a SIM card or similar smart card, which contains 
data 16 pertaining to the mobile- telephone subscription. 
For example, a SIM card may comprise information on the 
telephone number of the subscription and on how much 
15 credit remains in the customer's account with the mobile 
service provider. In accordance with the invention, the 
memory circuit 15 is also provided with a code word set 
17 that is associated with the subscription. 



20 and a code word set before being delivered to a retailer 
under conditions of extreme security, for example in the 
form of a seal of some kind. The customer, who buys or in 
some other way gets hold of the SIM card checks that the 
seal has not been violated and thereafter arranges the 

25 SIM card in his mobile telephone, which allows him to use 
the telephone. 

In addition, the mobile telephone shown in Fig 2 
comprises means, such as software 18, devised to retrieve 
from the memory circuit 15 a code word from the code word 

30 set 17, and to transmit the code word by means of mobile- 
telephone communication, for example in a SIM message. 
Software having this function may be developed by the 
expert in the field. The software 18 may also transmit a 




The SIM card may be provided with a subscription ID 
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addition, a retri 

display 12. 18 ls arranged to receive 

Furt nermore. the software ^ ^ ^ ^ 

s . code word and to ^are ^ ^ ^ be 

„ or d set m the — ;; r ;;; ad u , or ^ M be 

in p,tted by means o£ the * ™ on dire ctly to 

by means o £ mob— ' telephone . f or example 

message. telephone is arranged to be 

preferably, the mobil* « * receive any 

wherein it- ^ , _ 

-t * a dormant . cap a b le of receiving 

telephone calls but where ^ may be 

,,Hna SMS messages. 
15 and transmittmg 

devised by an expert in t* plurality of 

Xn - database « „ an ident ity 

09 are stores, 
code-word sets mo bile-tele P hone 
23 that is associated with ^ ^ 

20 subscription, the corres^g 

comprises an identical ode ^ ^ _ 

» addition, each set ^ positi on indications 

eeveral position where the customer has 

could for instance be lo ^ ^ , certain 

25 indicated that he wishes 

type of requests. ^e provided with 

*» daCabaSS 25 able to receive a question and to 
communication means 25 ab ication pro cess. For 

provide the results of fae a „, ode(n 

the communication means nrovide r, for 

30 example, the service proviae 

arranged to c«-»»»^ „ ord and an identity from the 
— " Brandt transmit confirmation to the 
service provider, an 
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service provider that the authenticity of the commission 
is verified. The communication means 25 could also be 
arranged to communicate with the mobile telephone via the 
mobile- telephone network, for example by way of SMS 
5 messages . 

The database 21 is also provided with means, 
preferable software 26, arranged to perform searches in 
the database and to verify e.g. that a specific code word 
exists in the code word set 22 in the database associated 
10 with a predetermined identity 23. 

Fig 4 illustrates how code-word sets 1 are formed 
and stored. 

In a completely independent computer system, 
combinations of numbers are created at random in 

'15 accordance with algorithms that cannot be predicted from 
the outside (Step 31) . This procedure ensures that nobody 
can predict which code words are included in a particular 
code word set, and can easily be devised by an expert in 
the field. The combinations of numbers are arranged in 

20 groups and sets (Step 32), in accordance with algorithms, 
which in themselves may be allowed to be known outside 
the computer system. In addition, the computer system is 
provided with a series of mobile-telephone numbers which 
are supplied by a mobile-telephone service provider, and 

25 which associate each code word set with a particular 
telephone number (Step 33) . 

The sets are then distributed (Step 34) to companies 
that equip the SIM cards with data, where each code word 
set is stored on a SIM card (Step 35), the latter either 

30 prior to or after the storage having been attributed to 
the mobile-telephone number associated with the mobile- 
telephone number. 
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• the sets are else distributed (step 34) 
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to ch e -abase -e data ca rriers, 

birred nrseaied cos. are distribu- ~ a 

such as cod o£ couriers . if the 

s safe manner, for example y connected co the 
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customers are com mobile- 

, is a t,le to associate a 
the invention, ana , dent ity of the customer. 

-pho- r:;::: ^ « - »■ 

25 The service provider 42 se o£ 23 o£ 

and transmits to the daCabaSe ln the form of 

the m obiie-telephone subscription ^ J ^ o£ 
a ^obUe-teiephone number but poss y 
-tber identification associated ^ ^ 

teiephone subso^c, *» ^ ^ 

"• ead tte e d rrialase 21 and the mobile-teiephone 
" n i n lest- be identified by the database. 



WO 01/26061 ) PCT/SEOO/01842 

18 

The database thereafter sends a request 45 to the 
mobile telephone 10 via the telecommunication network, 
for example an SMS message, or the like. The message 4 5 
contains particulars of the request, which are shown on 
5 the display 12, thus allowing the customer to check the 
correctness of the request. In the af f irmative , the 
customer may confirm the fact in any suitable manner, for 
example by pressing a particular key on the keypad 11 
twice. For example, the customer may receive a message on 

10 his mobile telephone of the type reading "Credit card 

purchase $35 at BurgerKing. Press OK to confirm", or "You 
are now logging- in into your workplace, Press OK to 
confirm". The customer then presses the OK key. An 
additional confirmation step of the type "Are you sure 

•15 Y/N" might be advisable as an extra check. The software 
18 of the mobile telephone then retrieves from the SIM 
card 15 the next, not yet used code 46 and transmits the 
latter from the mobile telephone 10 to the database 21. 
Simultaneously, the transmitted code word is marked as 

2 0 used on the SIM card. The request 45 from the database 
could also contain a code word (not shown) , which is 
checked by the mobile-telephone software 18 against the 
code word set 17 in the SIM card 15. 

Another possibility is that the database 21 contacts 

25 the service provider 42, who in turn asks the customer 
for a code word, which the provider returns to the 
database 21. 

As the database 21 receives the code word 46, the 
latter may be compared with the code word set 22 that is 
30 associated with the mobile-telephone subscription. Should 
the check fail, for example because the code cannot be 
found in the code word set in the database that is 
associated with the mobile -telephone number, information 
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of this fact is transmitted to the service provider, who 
may refuse to perform the service, for example by 
refusing access to a computer system or stopping a 
transaction. On the other hand, if the check is positive, 
5 i.e. the stated code is the correct one, a go-ahead 

signal 47 is transmitted to the service provider 42, who 
ma^ then perform the service. At the same time, the code 
word received is marked as being used up. 

In accordance with the method shown in Fig 5b, the 

10 customer 41 states a code word 4 in conjunction with 

giving his identity 43 as described above. For example, 
the customer 41 may read a code word 46 from the display 
12 of the mobile telephone 10 and transmit that word to 
the service provider 42. Alternatively, a data 
• 15 transmission port 19 in the mobile telephone may be used 
to ^transmit a code word to the service provider. 

The service provider then issues a query 44 to the 
database 21 and in addition to transmitting the identity 
as described above, he also' transmits the code word 46. 

20 The database 21 checks the code word as described above 
and sends a go-ahead signal 47 to the service provider 
42 . 

The method shown in Fig 5c actually is a combination 
of the two previous methods. The customer 41 first states 
25 a code word 46' as he makes his request in accordance 
with Fig 5c and then receives a request 45 for an 
additional code word 46' 1 in accordance with Fig 5a. 

In order to further increase security, the software 
18 may be arranged, in the case of certain requests, such 
30 as purchases above a predetermined amount, to demand the 
user's PIN code as a condition for retrieval and 
transmission of the code word. This arrangement means 
that a dishonest individual who has got hold of a mobile 
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telephone that is in the switched-on state still has to 
know the owner's PIN code. 

In addition, the position data stored in the 
database could be used to increase security. The base 
5 station over which the mobile telephone communicates can 
be identified comparatively easily, and a comparison with 
thjfe stored position data may be performed. Likewise, it 

r 

may be possible to equip the mobile telephone with a GPS 
navigator or similar means, allowing the mobile telephone 

10 to make his position known with great accuracy. The 
position check could in this case be effected in two 
steps, the first one roughly with respect to the base 
station and the second one more precisely, with respect 
to longitude and latitude. 
",',15 The method shown in Fig 5d could be regarded as a 

variety of the method shown in Fig 5b. In this case, the 
database 21 1 is owned by the service provider 42, for 
.-. which reason no external communication is required from 
the service provider 42. The database 21 1 could be a 

20 subset of a larger database 21. This method could be used 
for instance when a person is to be given access to a 
protected object, such as a car. The car is equipped with 
a database 21" comprising a number of code words, and the 
user may be simply identified by means of his mobile 

25 telephone. 

The method shown in Fig 5e is very similar to the 
method of Fig 5b, but the check vis-a-vis the database 21 
is effected only after some delay 48. If the mobile 
telephone subscription does not satisfactorily manage the 

3 0 credit check and ID check, the mobile telephone is 

blocked in the service-provider system. Examples of use 
of this method are payment of public -transport fees and 
parking fees. 
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Further varieties and combinations of these methods 
are possible within the scope of the invention. The 
number of code words exchanged between the mobile 
telephone and the database may vary, depending on the 
5 desired security level. 

/ In the following, some examples will be given of 
situations, wherein an authentication method in 
accordance with the. invention is particularly suitable. 

10 Restaurants 

A guest who has dined in a restaurant requests from 
his credit card company or the like the service of paying 
the restaurant bill, using funds available in the guest's 
own account or in the account of the account card company 

15 (credit card) . The card company thus is the service 
provider and the guest the customer. 

In the conventional manner, the credit card is 
handled by the restaurant personnel, who check the card 
for verification of its number, its validity, whether 

20 funds are available in the account, that the card is not 
blocked, etc. In this manner, the card company receives 
information on the identity of the customer, for example 
through the unique card number. In accordance with a 
commonly used technology, the card is swiped in a card 

25 reader, which via a modem contacts the card company and 
checks the transaction. 

In a register, the card company has stored data 
showing that the customer is connected to the system in 
accordance with the invention, and identifies the 

30 telephone number of the mobile-telephone subscription. It 
is transmitted to the database, which thereafter contacts 
the mobile telephone via the telecommunication network 
and receives a code word (Fig 5a) . 
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Alternatively, the customer uses his mobile 
telephone in order to state a code word as he makes his 
request (Fig 5b) . The code word may be disclosed to the 
restaurant personnel, who contacts the card company via 
5 the card terminal and transmits the code, or else it may 
be transmitted from the mobile telephone to the card 
terminal by means of some kind of communication means, 
such as an IR port . 

When the authenticity of the code word has been 
10 verified by the card company, a go-ahead signal 47 is 
sent to the restaurant, and a receipt is printed. 

Internet Transactions 

The method is similar when a computer user wishes to 
make a transaction on the Internet or the like, for 
•15 example transfer funds from one of his bank accounts/ or 
make purchases using a credit card. In this case, the 
computer user is the customer requesting a service in the 
form of a transaction. The service provider could be a 
card company as above, or the customer's own bank. 

20 In this case, the identity of the customer is 

transmitted by input of for example a personal 
identification number and the associated password, or a 
credit card number or the like. Inputting may be effected 
in a screen display on a WWW page, and the contents of 

25 ' the page be sent to the owner of the page through 
pressing a key. 

If a method in accordance with Fig 5a is used, the 
process is identical with that of the example described 
above, and within minutes the customer receives an SMS 

3 0 message on his mobile telephone and is able to confirm 
the request by pressing suitable keys. If a method in 
accordance with Fig 5b is used, according to which the 
customer reads a code word from the display of the mobile 
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telephone, the code word may be transmitted in the same 
manner as the identity, either on the same WWW page or on 
a following page appearing immediately after acceptance 
of the identity. 
5 Log- in/ Passing- in 

Another category of services' that is suitable for 
authentication checks in accordance with the invention is 
requests for log-in into a computer system. In this case, 
the customer is the person requesting to access the 

10 system, the service is admittance of the person into the 
computer system or the like, and the service provider is 
the company or computer system responsible for security. 

The customer states his identity when logging in 
according to prior-art technology, and in conjunction 

15 therewith he enters for example a user ID including a 
password. The service provider can then contact the 
database, which. demands a code word directly from the 
mobile telephone in accordance with Fig 5a. 
Alternatively, the customer may be given a possibility in 

2 0 accordance with Fig 5b to indicate, via the keypad, a 

code that has been read on the mobile- telephone display. 

The procedure of allowing physical passing into 
premises or an area is similar to that of log- ins. For 
example, the identity of the customer could in this case 

25 be provided by swiping a security-pass card through a 
card reader or inputting a code on a door lock. 

Example of a Detailed Chain of Events for Credit 
card Payments 

With reference to Fig 6, a more detailed description 
30 will be given below of a possible chain of events 

necessary to allow a legitimate customer to implement a 
request with a high degree of security. If the security 
of the request is not classified to be of the same high 
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degree, certain operational steps could be excluded from 
the chain of events. Preferably, it is the computer of 
the service provider that determines the security 
classification of the request and whether or not a tip 
5 should be given at the point of sale. In this manner, the 
rest of the chain of events is controlled based on the 
security classification and on whether or not a tip 
should be given, 

a) The customer 41 hands over a credit card 51. 
10 b) The credit card is swiped through the card reader 

terminal 52 and the amount to be paid (inclusive of 
wardrobe fees and the like, if any) is inputted into the ■ 
terminal. The terminal 52 generates a message of the 
desired payment, comprising e.g. the credit card number, 
'7-15 the number of the card terminal and the amount to be 
pai,d. 

c) The card terminal sends the message generated in 
(b) to the computer of the credit card company (service 
provider 42) . 

20" d) The computer of the credit card company checks 

the transaction for sufficient credit, and if the check 
is positive, the computer generates a message concerning 
the transaction (seller and amount, and so on) , stating 
the number of the request, the security classification of 

25 the request, whether a "tip" should be given, and the 
mobile -telephone number of the credit card holder. 

e) The computer of the credit card company transmits 
the message received in (d) to the database 21. 

f) The database 21 retrieves the next not -used code 
30 word, checks with the mobile operator 54 concerned 

whether the mobile telephone is on an accepted location, 
and generates a message, demanding confirmation of the 
request. The message comprises e.g. data as to the 
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seller, the number of the request, security 
classification, whether tips are expected, and the next 
non-used code word (576362) . 

g) The database 21 transmits the message that was 
5 generated in (f) to the customer's mobile telephone 10. 

h) The mobile telephone checks the security 
classification concerned and whether a tip-payment 
situation exists. Based on the results of the check, the 
mobile telephone selects the routine tc be followed. The 
mobile telephone presents the query on the display and 
asks for confirmation. The customer presses the OK key 
for confirmation. In cases of high-security 
classification, the mobile telephone requires that the 
customer inputs his PIN code or a corresponding pass word 
that only the customer knows. If a point of sale is 
involved (such as a restaurant) where tips are customary, 
a question will appear on the display of the customer's 
mobile telephone as to whether the amount should be 
increased, and the customer may then input a new, higher 
amount. The mobile telephone asks the customer to again 
confirm and if the customer does so, either one or two 
messages are generated, depending on the security 
classification. Both messages state e.g. the number of 
the mobile telephone, the number of the request, the 
seller, the amount, the final amount (in the case of a 
tip), the first non-used code word (576362) and the 
following non-used code word (805209) and, if the mobile 
telephone has an integrated GPS receiver, also the GPS 
co-ordinates are given. The mobile telephone registers 
the two code words as used up. The entire step (h) is 
processed by the software 18 of the mobile telephone 10, 
and this software may be developed by an expert in the 
field. 
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i) The mobile telephone 10 transmits the message 
generated in (h) to the database 21. 

j) The mobile telephone 10 transmits the message 
generated in (h) to the computer 42 of the credit card 
5 company , 

k) The database 21 checks the message received from 
tl^ mobile telephone and if both code words are correct, 
an ID confirmation message is generated, which includes 
both code words, and the two code words are registered as 
10 being used up. 

1) The data base 21 sends the ID confirmation 
message generated in (k) to the computer 42 of the credit 
card company. 

m) The computer of the credit card company checks 
.15 the message from the mobile telephone (j) and the ID 

confirmation message from the database (1) and executes 
suitable comparisons. If all data are accepted, a 
printing order is generated, which comprises suitable 
information, such as seller, buyer, amount, credit card 
20 number, number of request, date, time and verification 
number . 

n) The printing order is transmitted to the card 
terminal 52 . 

o) The card terminal prints the transaction receipt 

25 53 . 

p) The credit card 51 is returned to the customer, 
who signs the transaction receipt 53, keeping the copy 
while the seller keeps the original. 

30 The following v steps represent the customer's 

experience of the chain of events described above. 

• The customer hands over his credit card in the usual 
way . 
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• On the display of his mobile telephone, the customer 
receives information on the payment, and he and confirms 
the commission by pressing two keys. When the commission 
is considerable (high security classification) , the 

5 customer has to input his PIN code or ot^her similar 

password between the first and the second confirmation, 
and if needed he adjusts the amount, i.e. he gives a tip. 

• The customer signs the transaction receipt and keeps 
the copy, in the customary manner. 

10 Additional steps: By pressing keys twice, the 

customer confirms the payment and also inputs, if 
required, the PIN code and increases the amount if a tip 
is to be given. 

Steps that disappear: The customer need not show 
15 any identification papers. 

' The following sequence of steps represents the 
sellers experience of the above chain of events. 

• The seller accepts the credit card and runs it 
through the reader of the card terminal, as usual. 

20 • The seller inputs the amount via the card terminal 
as usual . 

• The seller tears off the transaction receipt as 
usual . 

• The seller makes sure that the customer signs the 
25 receipt of the transaction and keeps the original as 

usual . 

Additional steps : None 

Steps that disappear: The seller does not have to 
ask for identification papers, check the latter or 
30 register the number of the identification papers. 



WO 01/26061 1 PCT/SE00/01842 

28 

Possible Varieties of Locations Where Rapid Payment 
is Essential 

In case of payment of smaller amounts in shops, 
kiosks, petrol stations, and the like, the confirmation 
5 might not necessarily have to be effected over the mobile 
network, since this procedure might take about a minute 
longer. Instead, the IR data transmission port 19 of the 
mobile telephone might be used. In this case, the card 
terminal is also equipped with a corresponding 
10 communication port (not shown) and software, as well as 

with a display, should the cash register not already have 
a display facing the customer. The communication port 
preferably is located on the display unit or close to the 
latter. 

./l5 According to this embodiment, the seller swipes the 

customer's credit card through the reader, and inputs the 
amount, or receives it directly, for instance from the 
- petrol pump that the customer has just used, i.e. in the 
manner in operation today. When this is done, the amount 

20 is shown on the display mentioned above, said display 

also requesting the customer to e.g. "Confirm payment by 
means of your mobile telephone". The customer then 
directs his mobile telephone towards the display and 
receives e.g. the name of the petrol station and the 

25 amount in question. By two confirmation key pressings on 
the mobile -telephone keypad, the first non-used code word 
is transferred to the card terminal and the display may 
show e.g. "Password received". From then on, everything 
functions as it does today. 

30 It could be said that the mobile telephone replaces 

the control keypad commonly existing in many petrol 
stations, at least in Sweden. However, any person 
standing close by could make note of the code that is 
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being inputted, even if a screen is provided to make this 
more difficult. Should the person who just inputted his 
check code leave his card on the desk, this might 
constitute a temptation to a dishonest individual. Such a 
5 person could, for instance block the credit card from 
view by putting his hand over it and let it slide down 
inio his pocket. The dishonest individual could then fill 
the family cars with petrol before the rightful owner 
notices that his credit card is missing, for instance 
10 when a week later- he again intends to fill his car with 
petrol . 

A consequence of the invention is that a code word 
is never used more than once, and in addition that 
normally nobody, neither the customer nor any one else, 
15 will ever set eyes on any code words whatsoever. 

Conclusion 

It should be understood that a number of varieties 
of the embodiments described above are possible within 

20 the scope of protection of the appended claims. For 
example, a large number of alternative authentication 
methods can be used with a system in accordance with the 
invention. In the same manner, equipment different from 
the one described herein could be used to implement the 

25 method in accordance with- the invention. 
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CLAIMS 

1. A method of authenticating a commission from a 
customer (41) to a service provider (42) , comprising the 

5 steps of 

forming a plurality of sets (1) of randomly 
generated code words (2) , 

r 

storing one of said plurality of code word sets (1) 
in a memory circuit (15) of a mobile telephone (10) , 
10 which circuit is associated with a mobile- telephone 
subscription, 

storing an identical code word set (1) in a database 
(21) together with an association to said mobile- 
telephone subscription, and 

.15 at the time of requesting the commission, 

identifying said mobile-telephone subscription, 
retrieving at least one code word (4 6) from the memory 
circuit and checking the presence of said code word in 
the code word set (1) in the database that is associated 

20 with said mobile- telephone subscription, thereby 
authenticating the commission. 

2. A method as claimed in claim 1, wherein the code 
word is retrieved from the memory circuit (15) in a 
predetermined sequence known to the database. 

25 3. A method as claimed in claim 2, further 

comprising the step of registering, in at least in one of 
the memory circuit (15) and the database (21) , when a 
code word (46) has been used, thus ensuring said 
predetermined sequence is followed. 

30 4. A method as claimed in any one of the preceding 

claims, wherein the step of identifying the mobile- 
telephone subscription comprises the steps of 

determining the identity of the customer, and, 
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word (46''), and said second code word is transferred 
from the customer to the database (21) 

12 . A method as claimed in any one of the preceding 
claims, further comprising the steps of 

5 associating at least one position indication 

(24) with the mobile- telephone subscription and storing 
sa/id indication (24) in the database (21) , and, 

each time a commission is requested, establishing 
the location of the memory circuit (15) and checking the 
10 position indication thus obtained against said position 
indication (24) stored in the database. 

13. A method of authenticating a commission from a 
customer to a 'service provider, wherein a set (1) of 
randomly generated code words (2) has been stored in a 

- 15 memory circuit (15) associated with a mobile -telephone 
subscription in a mobile telephone (10) as well as in a 
database (21) together with an association (23) to said 
mobile-telephone subscription, comprising the steps of 
establishing the identity (43) of the customer, 
20 identifying the mobile-telephone subscription on the 

• basis of the identity of the customer, 

retrieving a code word (4 6) from the memory circuit, 

and 

checking the presence of said code word in the code 
25 word set . (22) in the database (21) that is associated 

with said mobile -telephone subscription, in order to thus 
authenticate the commission. 

14. A system for authenticating a commission from a 
customer (41) to a service provider (42) , comprising 

30 a mobile telephone (10) having a memory circuit (15) 

associated with a mobile- telephone subscription, 

means to enable the customer to disclose his 
identity (43) to .the service provider, 
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characterized in that the system further comprises 
a database (21) , 

a set (1) of randomly generated code words (2) , said 
set stored in the first place in the memory circuit (15) 
5 and in the second place in the database (21) , where it is 
associated with the mobile-telephone subscription, 

means to identify the mobile- telephone subscription 
based on the identity (43) of the customer, 

means to enable the customer (41) to retrieve a code 
10 word from the memory circuit (15) and to transfer said 
code word to the database (21) , and 

checking means (2 5, 26) -for checking that said code 
word is present in the code word set (22) in the database 
that is associated with said mobile- telephone 
15 subscription, in order to thus authenticate the 
commission. 

15. A system as claimed in claim 14, wherein said 
checking means comprises a. communication means (25) for 
communication between the database (21) and the mobile 
2 0 telephone (10) . 
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1 . This international preliminary examination report has been prepared by this International Preliminary Exarriining 
Authority and is transmitted to the applicant according to Article 36. 

2. This REPORT consists of a total of _3 sheets, including this cover sheet. 

j~ I This report is also accompanied by ANNEXES, i.e., sheets of the description, claims and/or drawings which have 
— been amended and are the basis for this report and/or sheets containing rectifications made before this Authority 
(see Rule 70.16 and Section 607 of the Adrninistrative Instructions under the PCT). 

These annexes consist of a total of sheets. 



3 . This report contains indications relating to the following items: 
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Basis of the report 
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□ 


Priority 
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Non-establishment of opinion with regard to novelty, inventive step and industrial applicability 


IV 


□ 


Lack of unity of invention 


V 




Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 


VI 
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Certain documents cited 


vn 
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Certain defects in the international application 


Vffl 
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Certain observations on the international application 
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L Basis of the report 



1. With regard to the elements of the international application:* 
(X| the international application as originally filed 

I I the description: 
pages 

pages 

pages 



, as originally filed 



, filed with the demand 



□ 



, filed with the letter of 



the claims: 

pages 

pages 

pages 

pages 



, as originally filed 

, as amended (together with any statement) under article 19 

, filed with the demand 



filed with the letter of 



|T ] the drawings: 
pages 



, as originally filed 
filed with the demand 



, filed with the letter of 



1 I the sequence listing part of the description: 



pages 
pages 



, as originally filed 



filed with the demand 



, filed with the letter of 



2. With regard to the language, all the elements marked above were available or furnished to this Authority in the language in which 
the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language Eng 1 i sh. which is: 

| | the language of a translation furnished for the purposes of international search (under Rule 23. 1(b)). 
the language of publication of the international application (under Rule 48.3(b)). 



F 1 the language of the translation furnished for the purposes of international preliminary examination (under Rules 55.2 and/ 
1 — 1 or 55.3). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international 
preliminary examination was carried out on the basis of the sequence listing: 

| | contained in the international application in written form. 

| | filed together with the international application in computer readable form. 

[_j furnished subsequently to this Authority in written form. 

j | furnished subsequently to this Authority in computer readable form. 

F I The statement that the subsequently rurnished written sequence listing does not go beyond the disclosure in the 
— international application as filed has been furnished. 

The statement that the information recorded in computer readable form is identical to the written sequence listing has 
been furnished. 



□ 

4-D 



The amendments have resulted in the cancellation of: 
| | the description, pages 
j~J the claims, Nos. 

□ 



the drawings, sheet/fig 



This report has been established as if (some of) the amendments had not been made, since they have been considered to go 
beyond the disclosure as filed, as indicated in the Supplemental Box (Rule 70.2 (c)).** 



* Replacement sheets which have been furnished to the receiving Office in response to an invitation under Article 14 are referred to 
in this report as "originally filed'' and are annexed to this report since they do not contain amendments (Rules 70.16 
and 70.17). 

** Any replacement sheet containing such amendments must be referred to under item I and annexed to this report. 
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V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 



1 . Statement 



Novelty (N) Claims 1-15 YES 

Claims NO 



Inventive step (IS) Claims 1-15 YES 

Claims NO 



Industrial applicability (IA) Claims 1-15 YES 

Claims NO 



2. Citations and explanations (Rule 70.7) 
Cited documents: 

1. US 5878337 A (Joao et al) , 2 March 1999 

2. US 5708422 A (G.E. Blonder et al) , 13 January 1998 

3. WO 9945693 Al (Walker Asset Management LTD), 10 Sept 1999 

4. US 5416306 A (T.Imahata), 16 May 1995 



The documents cited in the International Search Report 
represent background art. 

The invention defined in claims 1 - 15 is not disclosed by any 
of these documents. 

None of the cited documents gives any indication towards the 
claimed methods and a system for authenticating a commission 
from a customer to a service provider. No relevant combination 
of the cited documents would lead a person skilled in the art 
to the invention claimed in the claims. 

Therefore, the invention defined in claims 1 - 15 is novel and 
considered to involve an inventive step. It is also considered 
to be industrially applicable. 
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Intel iil^^Pel application No. 
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A. CLASSIFICATION OF SUBJKCI MATTIiR 
IPC7: G07F 7/08, G07F 7/10 

According to International Patent Classification (IPC) or to both national classification and IPC 

B. FIELDS SEARCHED 

Minimum documentation searched (classification system followed by classification symbols) 

IPC7: G07F, H04q 

Oocumenlation searched other than minimum documentation to the extent that such documents arc included in the fields searched 

SE,DK,FI,N0 classes as above 

Electronic data base consulted during the international search (name of data base and, where practicable, search terms used) 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category* 


Citation of document, with indication, where appropriate, of the relevant passages 


Relevant to claim No. 


A 


US 5878337 A (JOAO ET AL), 2 March 1999 (02.03.99), 
j abstract 


1-15 


A 


US 5708422 A (G.E. BLONDER ET AL), 13 January 1998 
(13.01.98), abstract 


1-15 


A 


WO 9945693 Al (WALKER ASSET MANAGEMENT LTD.), 
10 Sept 1999 (10.09.99), abstract 


1-15 


A 


US 5416306 A (T.IMAHATA), 16 May 1995 (16.05.95), 
abstract 


1-15 



I I Further documents are listed in the continuation of Box C. j )(| See patent family annex. 



* Special categories of cited document* 

'A" document defining the general state of the art which is not considered 

to be of particular relevance 
"E" earlier application or patent but published on or after the international 

filing date 

"L" document which may throw douhts on priority claim(s) or which is 
cited to establish the publication date of another citation or other 
special reason (as specified) 

"O" document refernng lo an oral disclosure, use, exhibition or other 
means 

"P" document published prior to the international filing date but later than 
the priority dale claimed 



T" later document published after the international filing date or priority 
date and not in conflict with Ihe application but cited to understand 
the principle or theory underlying the invention 

"X" document of particular relevance: the claimed invention cannot be 
considered novel or cannot he considered lo involve an inventive 
step when the document is taken alone 

*Y" document of particular relevance: the claimed invention cannot be 
considered lo involve an inventive step when the document is 
combined with one or more olher such documents, such combination 
being obvious lo a person skilled in the art 

"Sl" document member of Ihe same patent family 



Date of the aetual completion of the international search 
22 January 2001 


Date of mailing of the international search report 

2 3 -0V 20 Q1 


Name and mailing address of the ISA/ 

Swedish Patent Office 

Box 5055, S-102 42 STOCKHOLM 

Facsimile No. + 46 8 666 02 86 


Authorized officer 

Gordana Ninkovic' / itw 

Telephone No. +46 8 782 25 00 
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The undersigned requests that the present 

international application be processed 
according to the Patent Cooperation Treaty 



International Application' 



For receiving Office use only 

PCT/SE 0 0/01842 

:ationNo. 



2 2 -09- 2000 



International Filing Date 



The Swedish Patent Office 
PCT International Application 



Name of receiving Uttice and VCT International Application" 



Applicant's or agent's file reference 
(if desired)(12 characters maximum) 



2006796 



Box No. I TITLE OF INVENTION 

METHOD AND SYSTEM FOR VERIFICATION OF A SERVICE REQUEST 



Box No. II 



APPLICANT 



Name and address: {Family name followed by given name; for a legal entity, full official designation. The address 
must include postal code and name of country. The country of the address indicated in this Box is the applicant 's State (that 
is, country) of residence if no State of residence is indicated below.) 

AB TRYGGIT 
Torred 4164 
SE-429 34 KULLAVIK 
SWEDEN 



| | This person is also inventor. 



Telephone No. 



Facsimile No. 



Teleprinter No. 



State (thai is, country) of nationality: 



SE 



State (that is, country) of residence: 



SE 



This person is applicant 
for the purposes of: 



□ all designated 
States 



alt designated States except 
the United States of America 



□ 



the United States 
of America only 



□ 



the States indicated in 
the Supplemental Box 



Box No. Ill FURTHER APPLICANT(S) AND/OR /FURTHER INVENTOR(S) 



Name and address: (Family name followed by given name; for a legal entity, full official designation. The address 
must include postal code and name of country. The country of the address indicated in this Box is the applicant's State (that 
is, country) of residence if no State of residence is indicated below.) 

BRYNIELSSON, Thore 

Torred 4164 

SE-42 9 34 KULLAVIK 

SWEDEN 


This person is: 

| — | applicant only 

^| applicant and inventor 

i — | inventor only (if this check-box 

' — ' is marked, do not fill in below.) 


State (that is, country) of nationality: SE 


State (that is, country) of residence: g E 



This person is applicant 
for the purposes of: 



j — | all designated 



States 



□ all designated States except 
the United States of America 



the United States 
of America only 



□ 



the States indicated in 
the Supplemental Box 



| | Further applicants and/or (further) inventors are indicated on a continuation sheet 



Box No. IV AGENT OR COMMON REPRESENTATIVE; OR ADDRESS FOR CORRESPONDENCE 



The person identified below is hereby/has been appointed to act on. behalf 
of the applicant(s) before the competent International Authorities as: 



[g| agent 



| | common representative 



Name and address: ( Family name followed by given name: for a legal entity, full official designation. The 
address must include postal code and name of country.) 


Telephone No. 
+46 31 63 


02 


00 


AWAPATENT AB 


Facsimile No. 






BOX 11394 


+46 31 63 


02 


63 


SE-404 28 GOTEBORG 


Teleprinter No. 






SWEDEN 









| I Address for correspondence: Mark this check-box where no agent or common representative is/has been appointed and the space above is used 
instead to indicate a special address to which correspondence should be sent 
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Box No. V 



DESIGNATION OF STATES 



The following designations are hereby made under Rule 4.9(a) (mark the applicable check-boxes; at least one must be marked): 
Regional Patent 

_] AP ARIPO Patent: GH Ghana, GM Gambia, KE Kenya, LS Lesotho, MW Malawi, MZ Mozambique, SD Sudan, SL Sierra Leone, 

SZ Swaziland, TZ United Republic of Tanzania, UG Uganda, ZW Zimbabwe, and any other State which is a Contracting State of the Harare 
Protocol and of the PCT 

EA Eurasian Patent: AM Armenia, AZ Azerbaijan, BY Belarus, KG Kyrgyzstan, KZ Kazakhstan, MD Republic of Moldova, RU Russian 

Federation, TJ Tajikistan, TM Turkmenistan, and any other State which is a Contracting State of the Eurasian Patent Convention and of the 
PCT 

_J EP European Patent: AT Austria, BE Belgium, CH and LI Switzerland and Liechtenstein, CY Cyprus, DE Germany, DK Denmark, ES Spain, 
FI Finland, FR France, GB United Kingdom, GR Greece, IE Ireland, IT Italy, LU Luxembourg, MC Monaco, NL Netherlands, PT Portugal, 
SE Sweden, and any other State which is a Contracting State of the European Patent Convention and of the PCT 
_] OA OAPI Patent: BF Burkina Faso, BJ Benin, CF Central African Republic, CG Congo, CI Cote d'lvoire, CM Cameroon, GA Gabon, 

GN Guinea, GW Guinea-Bissau, ML Mali, MR Mauritania, NE Niger, SN Senegal, TD Chad, TG Togo, and any other State which is a 
member State of OAPI and a Contracting State of the PCT (if other kind of protection or treatment desired, specify on dotted line) 

National Patent (if other kind of protection or treatment desired, specify on dotted line): 



£j 


AE 




AG 




AL 


El 


AM 




AT 


El 


AU 


El 


AZ 


El 


BA 




BB 


El 


BG 


El 


BR 


El 


BY 


El 


BZ 


El 


CA 


El 


CHj 


El 


CN 


El 


CR 


El 


CU 


El 


CZ 


El 


DE 


El 


DK 


El 


DM 


El 


DZ 


El 


EE 


El 


ES 


El 


FI 


El 


GB 


El 


GD 


El 


GE 


El 


GH 


El 


GM 


El 


HR 


El 


Hli 


El 


ID 


El 


IL 


El 


IN 


El 


IS 


El 


JP 


El 


KE 


El 


KG 


El 


KP 


El 


KR 


El 


KZ 



+■ Utility Model__ 



-^Utility Model 



+Utility Model 



United Arab Emirates 
Antigua and Barbuda 
Albania 
Armenia 
Austria 

Australia 

Azerbaijan 

Bosnia and Herzegovina 

Barbados 

Bulgaria 

Brazil 

Belarus 

Belize 
Canada 

nd LI Switzerland and Liechtenstein 

China 

Costa Rica _ _ 

Cuba 

Czech Republic 
Germany 
Denmark 
Dominica 
Algeria 
Estonia 
Spain 
Finland 

United Kingdom 
Grenada 
Georgia 
Ghana 
Gambia 
Croatia 
Hungary 
Indonesia 
Israel 
India 
Iceland 
Japan 
Kenya 
Kyrgyzstan 



El 
El 
El 
El 
E) 
El 
El 
El 
El 
El 
El 
El 
El 



El 
El 
El 
El 



+Utility Model 



+Unlity Model 



El 



— 
El 



LC 

LK 

LR 

LS 

LT 

LU 

LV 

MA 

MD 

MG 

MK 

MN 

MW 

MX 

MZ 

NO 

NZ 

PL 

PT 

RO 

RU 

SD 

SE 

SG 

SI 

SK 

SL 

TJ 

TM 

TR 

TT 

TZ 

UA 

UG 

US 

uz 

VN 
YU 
ZA 
ZW 



Saint Lucia 
Sri Lanka 
Liberia 

Lesotho 

Lithuania 

Luxembourg 

Latvia 

Morocco 

Republic of Moldova 

Madagascar 

The former Yugoslav Republic of Macedonia 
Mongolia 

Malawi 

Mexico 

Mozambique 
Norway 
New Zealand 

Poland _ 

Portugal 

Romania 

Russian Federation 
Sudan 
Sweden 
Singapore 
Slovenia 
Slovakia 
Sierra Leone 
Tajikistan 
Turkmenistan 
Turkey 

Trinidad and Tobago 



+Utility Model 



United Republic of Tanzania 

Ukraine 

Uganda 

United States of America 
"Uzbekistan 

Viet Nam 

Yugoslavia 
South Africa 
Zimbabwe 



Democratic People's Republic of Korea 
Republ ic of Korea +Utility Model 

Kazakhstan 



Check-boxes reserved for designating States which have become party to the 
PCT after issuance of this sheet: 

; □ _ □ 



Precautionary Designation Statement: In addition to the designations made above, the applicant also makes under Rule 4.9(b) all other designations 
which would be permitted under the PCT except any designation(s) indicated in the Supplemental Box as being excluded from the scope of this statement. 
The applicant declares that those additional designations are subject to confirmation and that any designation which is not confirmed before the expiration of 
15 months from the priority date is to be regarded as withdrawn by the applicant at the expiration of that time limit. (Confirmation (including fees) must 
reach the receiving Office within the 15-month time limit.) 
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Box No. VI 



PRIORITY CLAIM 



□ Further priority claims are indicated in the Supplement Box. 



Filing date 
of earlier application 
(day/month/year) 



Number 
of earlier application 



Where earlier application is: 



national application: 
country 



regional application:* 
regional Office 



international application: 
receiving Office 



item (1) 
1 October 1999 



9903575-0 



SWEDEN 



item (2) 



item (3) 



^71 The receiving Office is requested to prepare and transmit to the International Bureau a certified copy of 
the earlier application(s) (only if the earlier application was filed with the Office which for the purposes 
of the present international application is the receiving Office) identified above as item(s): i 
* Where the earlier application is an ARIPO application, it is mandatory to indicate in the Supplemental Box at least one country party to the Paris 
Convention for the Protection of Industrial Property for which that earlier application was filed (Rule 4.10(b)(ii)). See Supplemental Box. 



Box No. VII 



INTERNATIONAL SEARCHING AUTHORITY 



Choice of International Searching Authority (ISA) 

{If two or more International Authorities are competent to 
carry out the international search, indicate the Authority 
chosen; the two-letter code may be used): 

ISA/ se 



Request to use results of earlier search; reference to that search 

{if an earlier search has been carried out by or requested from the International Searching 
Authority): 

Date (day/month/year) Number Country (or regional Office) 

15 December 1999 SE99/01592 Sweden 



Box No. VIII 



CHECK LIST; LANGUAGE OF FILING 



This international application contains the following 
number of sheets: 



request 


: 3 1/ 


1. 


EI 


description (excluding sequence listing part) 


: 23 r 


2. 


El 


claims 


: 4 v 


3. 


□ 


abstract 


: 1* 


4. 


□ 


drawings 


: 6 " 


5. 


□ 


sequence listing part of description 




6. 


□ 






7. 


□ 






8. 


□ 


Total number of sheets 


: 37 


9. 


El 



This international application is accompanied by the item(s) marked below: 



Figure of the drawings which 
should accompany the abstract: 



5a 



Language of filing of the 

international application: 



Swedish 



Box No. IX 



SIGNATURE OF APPLICANT OR AGENT 



Next to each signature, indicate the name of the person signing and the capacity in which the person signs (if such capacity is not obvious from reading the 
request). 

Goteborg, 21 September 2000 





ian Edlund 
Authorized Representative, Awapatent AB 



1. 


Date of actual receipt of the 9 7 
Purported international application: ^ 


-09- 


2000 




2. Drawings: 








3. 


Corrected date of actual receipt due to later but 

Timely received papers or drawings completing the purported international application: 






[^{'received: 


4. 


Date of timely receipt of the required 
Corrections under PCT Article 1 1(2): 








L_] not received: 


5. 


International Searching Authority ^ ^ 
(if two or more are competent): ISA/ ^C" 


6. 


□ 


Transmittal of search copy 
delayed until search fee is paid. 





Date of receipt of the record copy by the 
International Bureau: 



For International Bureau use only 

TODV£f48Efi 2000 



i 1 P , 11 0 0 \ 
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33. 



34 



35 



Bilda slumpmassiga 
kodord 



Bilda kodordsupps. 



Associera varje 
upps. med 
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Distribuera 
kodordsupps. 



Lagra pa simkort 
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Fig 6 
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AWAPATENT AB ^ TRYGGIT 22.09.2000 

Kontor/Handlaggare Ansokningsnr Var referens 

Goteborg/Fabian Johnsson/LRH SB-2006796 



METQD OCH SYSTEM FOR VERIFIERING AV T JANS TEBE S TALLN I NG 



Tekniskt omrade 

Foreliggande uppf inning avser en metod och ett sy- 
stem for att verifiera uppdrag fr&n en bestallare till en 
t j ansteleverantor . 

5 

Teknisk bakgrund 

Vid kop med kredit- eller betalkort i handeln finns 
ett standigt problem att bestamma anvandarens identitet. 
Varje kort har vanligtvis en specif ik kod, exempelvis en 

10 fyrstallig sifferkod, vilken i vissa butiker kan matas in 
i samband med kopet . Detta ar emellertid ingen speciellt 
attraktiv losning for en person med ett tiotal kort, var- 
dera med en specif ik kod. I exempelvis restauranger till- 
lampas ofta systemet att gasten skriver under en bekraf- 

15 telse av transaktionen , vilken underskrift fungerar som 
en ef terkontroll om betalningen ifragasatts. Detta inne- 
bar att kortets agare endast i efterhand marker om nagon 
anvant kortet utan agarens vetskap. Det forekommer till 
och med att restaurangens personal i bedragligt syfte be- 

2 0 lastar ett kort med flera transakt ioner under den tid de 

ensamma har tillgang till kortet. Ofta racker det att en 
bedragare kommer over kortnumret, for att bedragaren se- 
dan ska kunna anvanda detta kort vid ett senare tillfal- 
le. 

25 Enligt en kand teknik, avsedd for situationer dar en 

kund har aterkommande kontakt .med exempelvis en bank, har 
kunden en skrapbar list a med koder. Banken har tillg&ng 
till samma lista, exempelvis lagrad i sitt datorsystem. 
Varje gang kunden bestaller en transakt ion, exempelvis 

3 0 via telefon, skrapar han fram ett nummer som anges . Num- 

ret kontrolleras mot bankens lista, varigenom sakerstalls 
att kunden ar den han utger sig for att vara, eller &t- 
minstone har kommit over den aktuella skraplistan. 



PCT/SEOO/01842 
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15 
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I kanda system for sakra transakt ioner pa exempelvis 
Internet, forkommer en liten dosa, som anvandaren maste 
ha tillgang till vid transaktionstillf allet . Koder utvax- 
las mellan datorn och dosan for att sakerstalla att an- 
vandaren verkligen har tillgang till dosan. Denna teknik 
anvands f ramf orallt i samband med banktj anster pa Inter- 
net, da en anvandare relativt ofta utnyttjar tjansten. 

Losningen med den personliga dosan uppvisar dock tva 
problem: 

For det forsta ar det mojligt for en insatt fackman 
att kopiera elektroniken, exempelvis ROM-minnet, i en 
dosa som han har tillgang till en kort stund. Dosan kan 
sedan aterlamnas till den intet ont anande agaren. Ingen 
mojlighet finns sedan for datorsystemet att avgora om det 
ar agaren eller bedragaren som bestaller en transaktion. 

For det andra ar en dosa specif ik for en tjanstele- 
verantor, vilket for en anvandare av flera tj anster inne- 
bar att ett flertal dosor ska medf oras . Risken finns da 
att anvandaren har glomt den dosa som han for tillfallet 
behover. Vidare minskar anvandarens mojligheter att halla 
samtliga dosor under uppsikt, och en bedragare kan latt 
anvanda en stulen dosa, eller kopiera en "lanad" dosa, 
utan att anvandaren hinner sakna dosan. 

Nar kontokort anvands for betalningar over Internet, 
ar det oftast endast kontokort snumret som fungerar som 
kontroll. Kontokortnumret kan visserligen krypteras, men 
om krypter ingen knacks kan en bedragare handla relativt 
obehindrat tills anvandaren far en rakning, vanligtvis i 
slutet av manaden. Visserligen skulle dosor av ovan namnt 
slag kunna utnyttjas for att forbattra sakerheten, men 
ovannamnda problem med kopiering av dosan, respektive be- 
hovet av flera dosor kvarstar da naturligtvis . 

Vissa t jansteleverantorer har system p& Internet dar 
man forst m&ste anmala sig som kund, och forst darefter 
kan handla med sitt kontokort. Dessa system har dock lik- 
som dosan den nackdel att de ar specif ika for varje 
t jansteleverantor, och anvandaren far darmed en mycket 
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kranglig tillvaro i kontakten med flera olika tjanstele- 
verantorer . 

Andra mycket vanliga tjanst med behov av verifiering 
av en anvandare ar inloggning i datorsystem, samt inpas- 
sering i sakerhetsklassade lokaler. Dessa system bygger 
nastan uteslutande pa angivande av ett anvandar-ID till- 
sammans med en kod eller ett losenord, vilket i vissa sy- 
stem bytes enligt bestamda rutiner, respektive pa passer- 
kort med tillhorande kod. Helt allmant kan konstateras 
att det i vart samhalle forekommer en uppsjo av koder, 
vilka for en manniska ar sv&ra att halla i minnet . Fres- 
telsen ar darfor stor att notera koderna nagonstans, var- 
vid sakerheten minskar. 

Att kombinera angivande t av en kod med en dosa, vil- 
ken rent fysiskt maste finnas till hands forbattrar sa- 
kerheten, men till priset av en mangd dosor. Denna teknik 
ar darfor knappast nagon universell losning pa ovanstSen- 
de problematik. 

Behov finns darfor av ett enhetligt system som skul- 
le kunna anvandas vid flera olika typer av tjanstebe- 
stallningar, genom vilket anvandarens legitimitet kan ve- 
rifieras pa ett enkelt satt . 

Def initioner 

1 den foljande beskrivningen forekommer ett antal 
termer, vilka har definieras. 

Med termen "uppdrag" avses helt allmant en tjanst 
eller service som en person onskar utford av en leveran- 
t6r. Exempelvis kan ett uppdrag vara en ekonomisk trans- 
aktion, som utfors av en bank _eller liknande, men ett 
uppdrag kan ocksa vara en begaran att bli inslappt i en 
byggnad eller inloggad i ett datorsystem. Bestallningen 
av detta uppdrag refereras till som en 
"t janstebestallning" . 

Med termen " t j ansteleverantor" avses bade foretaget 
som utfor uppdraget (exempelvis en bank, ett kontokortfo- 
retag eller ett sakerhetsbolag) , och den utrustning som 
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utfor uppdraget (exempelvis ett portlas, en bankomat, el- 
ler ett datorsystem vid inloggning) . 

"Bestallaren" ar personen som begar uppdraget av 
t jansteleverantoren, och bestallaren och t j ansteleveran- 
toren ar i foljande beskrivning tillika anvandare av me- 
toden och systemet enligt uppf inningen . 

Termen "databas" avser saval den minnesenhet dar 
data lagras som den mjukvara som hanterar datamangder och 
utfor operationer exempelvis i syfte att jamfora data- 
mangder . 

Med "mobiltelef on" avses en barbar telefon, exempel- 
vis en GSM-telefon eller liknande. Aven eventuella fram- 
tida barbara telefoner innefattas naturligtvis av termen. 

Uppf inningens syf ten 

Ett forsta syfte med foreliggande uppfinning ar att 
losa ovanstaende problem, och gora det mojligt att veri- 
fiera en bestallare av en tjanst pa ett tillf redsstallan- 
de satt. 

Ett andra syfte med uppfinningen ar att gora det 
mojligt att verifiera en bestallare av en tjanst, vilken 
metod ar universell, och enkelt kan utnyttjas av flera 
t j ansteleverantorer utan behov av for leverantoren speci- 
fik utrustning. 

Sammanf attning av uppfinningen 

Dessa syften uppnas enligt uppfinningen med en metod 
och ett system enligt de s j alvstandiga patentkraven 1, 13 
och 14 . 

Enligt uppfinningen finns saledes for varje bestal- 
lare tva identiska uppsattningar kodord, av vilka den ena 
finns lagrad pa en minneskrets i en mobiltelef on, och den 
andra finns lagrad i en databas. Verif ikationen av be- 
stallaren utfors genom att mob i 1 1 e 1 e abonnemange t identi- 
fiers, ett kodord utvinns ur minneskretsen, och kodordet 
kontrolleras mot den kodordsuppsattning i databasen som 
direkt eller indirekt ar associerad med mobilteleabonne- 
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mange t . Den inbordes ordningen mellan ovannamnda moment 
kan naturligtvis vara annorlunda, exempelvis kan kodordet 
utvinnas ur minneskretsen innan mobi 1 1 e 1 eabonnemange t 
identif ieras . 



uppfinningen i forhallande till kand teknik ar att 
kodorden ar av engangskaraktar i kombination med att ing- 
en forutsagbar algoritm utnyttjas for att harleda nasta 
kodord. For att kanna till kodorden i en uppsattning mas- 

10 te mobiltelef onens minneskrets stjalas rent fysiskt eller 
kopieras pa exempelvis elektronisk vag. 

Vidare ar metoden och systemet enligt uppfinningen 
anvandbara av ett obegransat antal tj ansteleverantorer . 
Det enda som erfordras av tj ansteleverantoren ar utrust- 

15 ning for att koppla upp sig mot databasen och overfora 
kodordet och identiteten, och att motta resultatet av 
kontrollen. Detta innebar vidare att anvandaren genom att 
sparra sitt mob i 1 1 e 1 e abonnemang i databasen enkelt kan 
sparra samtliga tjanster som utnyttjar systemet. Ett al- 

20 ternativ ar att tj ansteleverantoren sjalv ager databasen, 
eller en delmangd darav. 

En ytterligare fordel ar att systemet ar anvandbart 
helt parallellt med och oberoende av befintliga saker- 
hetssystem. Saledes kan varje t j ansteleverantor pa egen 

25 hand valja om den vill ansluta sig till systemet, och 

darigenom forbattra sakerheten i sitt befintliga system. 

Kodordet utvinns f oretradesvis ur minneskretsen en- 
ligt en forutbestamd ordning, vilket ytterligare forbatt- 
rar verif ikat ionens sakerhet . Forutom att kodordet kon- 

30 trolleras tillhora den kodordsuppsattning som ar associe- 
rad med den uppgivna identiteten, kontrolleras ocksS att 
det ar ratt kodord inom uppsattningen . 

I minneskretsen kan markeras nar ett kodord har an- 
vants, och en liknande marker ing kan utforas i databasen. 

35 Harigenom sakerstalls att minneskretsen och databasen har 
samma uppfattning om var i den f orutbestamda ordningen 
nasta kodord ska hamtas. Man forhindrar alltsa att min- 
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En fordel med systemet och metoden enligt 
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neskretsen och databasen kommer "ur fas" . Detta system 
kan liknas vid att bestallaren bar med sig en skrapbar 
lista med kodord. For att anvanda ett kodord skrapas det 
fram, varvid tj ansteleverantoren skrapar fram motsvarande 
5 kodord i sin lista och jamfor de bada. For att bestall- 
ningen ska accepteras maste ratt lista anvandas, och 
dessutom ratt kodord pa listan. 

En konsekvens av detta forfarande ar att en bedraga- 
re som i lonndom kommit over en persons kodordsuppsatt - 

10 ning, exempelvis genom att pa elektronisk vag kopierat 
minneskretsen, endast kommer att kunna utnyttja minnes- 
kretsen om inte personen dessforinnan gjort en bestall- 
ning, och darmed anvant nasta kodord, Om bedragaren verk- 
ligen lyckas genomfora en bestallning, kommer bedrageriet 

15 att upptackas senast nasta gang personen ska gora en be- 
stallning, eftersom det kodord som da anges inte accepte- 
ras. Mob i 1 abonnemange t kan da sparras, varvid skadan mi- 
nimeras. Jamfor med en i lonndom kopierad sakerhetsdosa 
enligt kand teknik, som kan anvandas av en bedragare 

2 0 tills agaren far ett uppseendevackande kontouppdrag eller 
liknande . 

Steget att identifiera mob i 1 1 e 1 e abonnemange t inne- 
f attar f oretradesvis stegen att bestamma bestallarens 
identitet, och att utifran bestallarens identitet identi- 

25 fiera mobilteleabonnemanget . Bestallarens identitet kan 

utgoras av lamplig data, exempelvis ett personnummer , ett 
kontokortsnummer eller ett mobiltelef onnummer . Begreppet 
identitet betecknar egentligen enbart en direkt koppling 
. till en person, och den data som representerar identite- 

30 ten kan eventuellt utbytas . Salunda kan identiteten fran 
bestallaren till tj ansteleverantoren anges i form av ex- 
empelvis ett bank- eller passerskortsnummer med tillho- 
rande kod, eller ett anvandar-ID med tillhorande kod, och 
fran tj ansteleverantoren till databasen anges i form av 

35 ett mobiltelef onnummer eller ett forutbestamt ID-nummer. 
Databasen maste dock kunna koppla ihop den mottagna iden- 
titeten med en bestamd kodordsuppsattning, normalt via 
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mobiltelefonnumret, for att darigenom kunna kontrollera 
att det angivna kodordet har utvunnits fran ratt minnes- 
krets . 

Enligt en foredragen utf oringsf orm skickas en bega- 
5 ran till bestallaren att uppge ett kodord. Bestallaren 
kan alltsa bestalla en tjanst pa vanligt satt, varpa 
t jansteleverantoren som en ytterligare sakerhetsatgard 
begar ett kodord, som bestallaren da utvinner ur mobilte- 
lefonen. Tj ansteleverantoren har lampligen information om 

10 vilka av dess kunder som ar anslutna till systemet enligt 
uppf inningen, och skickar i forekommande fall en forfrli- 
gan till databasen. Databasen skickar darefter en begaran 
till bestallaren att uppge ett kodord. 

Begaran kan skickas via telenatet till mobiltelefo- 

15 nen och kodordet kan overfors fran mobiltelef onen till 

databasen via telenatet. Lampligen accepterar bestallaren 
att kodordet skickas genom lampliga knapptryckningar p& 
mobiltelef onen. Eftersom harigenom tva separata kommuni- 
kationsvagar utnyttjas, for det forsta en vag mellan 

2 0 t jansteleverantoren och databasen, och for det andra mel- 

lan databasen och mobiltelef onen, forbattras sakerheten 
ytterligare. En bedragare som uppfangat och forvanskat 
information langs den forsta kommunikationsvagen, har 
ingen mojlighet att forutse vilket mob i 1 1 e 1 e abonnemang 

25 eller basstation som nasta led i verif ikat ionsprocessen 
kommer att utnyttja. 

Begaran som skickas till mobiltelef onen, som exem- 
pelvis ar ett SMS-meddelande eller liknande, kan innehal- 
la information om transaktionen . Detta kan vara fordelak- 

30 tigt exempelvis i en situation dar kortet dragits i kort- 
terminalen, och godkants av kortf oretaget , men dar trans- 
aktionens belopp annu inte faststallts. En bedragare 
skulle da, nar hela verif ikat ionen utforts, kunna ange 
ett felaktigt belopp, och darmed belasta bestallarens 

3 5 konto for mycket . Genom ett SMS-meddelande enligt ovan 

skulle detta upptackas av bestallaren, som alltsa far in- 
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formation om den bedragliga bestallningen till sin mobil- 
telefon, och dk kan forneka transakt ionen . 

Genom att mobiltelef onen kontaktas direkt ges en 
mojlighet for en anvandare att upptacka ett pagaende be- 
drageri . Anvandaren kan dk omedelbart sparra mobilabonne- 
manget , eller sparra det kort eller den tjanst som ar ut- 
satt for bedrageri. Antag att nagon stulit eller kopierat 
en persons kontokort , och dessutom lyckats komma over 
nasta kod pa personens minneskrets. Nar kortet anvands, 
och en transakt ion godkannes av databasen, skickas ett 
meddelande till personens mobiltelef on, varpa personen 
far kannedom om att nagon anvant ett av kodorden pk 
minneskretsen. En mojlighet ar vidare att droja med 
kodordsbegaran till bestallaren en bestamd tid, eller att 
tillampa tva bekraf telser , atskilda i tiden. Detta skulle 
utesluta att en bedragare anvander en mobiltelefon som 
sedan lamnas tillbaka, utan att agaren marker det. 
Fordrojnings tiden kan anpassas sk att mobiltelef onens 
agare hinner sakna den och sparra den innan begaran om 
kodord skickas till mobiltelef onen och darmed verifierar 
bestallningen. 

Samtidigt mojliggor denna metod att en bestallare 
kan lata en tredje person anvanda bestallarens kort for 
en bestamd tjanst, exempelvis att kopa en vara. Bestalla- 
ren far oavsett var han befinner sig, information om ko- 
pet pa sin mobiltelefon, och gor den definitiva 
bekraftelsen via sin mobiltelefon. 

Speciellt vid t j anstebestallningar via Internet ar 
det fordelaktigt med en begaran fran databasen eller 
t jansteleverantoren direkt till mobiltelef onen, eftersom 
all information som overfors via Internet ar mer eller 
mindre atkomlig for andra. Ett SMS -meddelande till be- 
stallarens telefon blir darfor en utmarkt kvittens pk att 
transaktionen ar korrekt . 

Enligt en annan ut f oringsf orm av uppfinningen over- 
fors bestallarens identitet och det ur minneskretsen ut- 
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vunna kodordet till tjansteleverantoren, mobilteleabonne- 
manget som ar associerat till bestallaren identifieras av 
tjansteleverantoren, och kodordet och mobilteleabonne- 
mangets identitet overfors till databasen av tjansteleve- 
5 rantoren. Med detta forfarande kan bestallaren alltsa di- 
rekt i samband med bestallningen overfora bade sin iden- 
titet och ett kodord till tjansteleverantoren. I dent if ie- 
ringen av mobiltele abonnemange t utfors darefter antingen 
av tjansteleverantoren eller av databasen. 

10 Enligt en ytterligare utf oringsf orm av uppfinningen 

utvinns ett andra kodord fran minneskretsen och overfors 
till databasen, for att ytterligare verifiera uppdraget . 
Kodorden i uppsattningen kan vara associerade till var- 
andra i grupper med olika antal kodord, for att anvandas 

15 vid olika typer av t j anstebestallningar med olika saker- 
hetsniva . 

Det forsta kodordet kan overforas fran bestallaren 
till databasen, eventuellt via tjansteleverantoren, varpa 
databasen skickar en begaran till bestallaren att uppge 

2 0 ett andra kodord, och slutligen det andra kodordet over- 
fors fran bestallaren till databasen. Begaran till be- 
stallaren kan ske pa samma satt som den ovan beskrivna 
begaran. En mojlighet ar alltsa att bestallaren direkt 
till mobiltelef onen, far tva pa varandra foljande begaran 

25 om att overfora ett kodord. En annan mojlighet ar att be- 
stallaren forst anger ett kodord direkt i samband med be- 
stallningen, varpa bestallaren darefter far en begaran om 
att ange ett ytterligare kodord. Fler mojligheter ar na- 
turligtvis mojliga, och speciellt kan aven mobiltelefo- 

30 nens PIN-kod utnyttjas som ett satt att ytterligare hoja 
sakerheten i verif ikat ionen . 

Enligt en utf oringsf orm av uppfinningen lagras i da- 
tabasen aven positionsangivelser som ar associerade med 
mob i 1 1 e 1 e abonnemange t . Vid verif ikat ionen lokaliseras 

35 minneskretsen, och den erhallna positionen kan jamforas 
med de i databasen lagrade posit ionsangivelserna . Detta 
forfarande kan utnyttjas for att geografiskt begransa var 
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15 



20 



25 



30 



en bestallare kan utfora vissa typer av tjanster. Exem- 
pelvis kan kop over ett visst belopp vara begransade till 
ett fatal, f orutbestamda platser, vilket ytterligare okar 
sakerheten. Denna geografiska kontroll kan ocksa vara 
tillampbart vid inloggning i ett datorsystem, som kanske 
endast ar tillaten fran arbetsplatsen eller hemifran. Al- 
ternativt kan en positionsangivelse i databasen vara en 
IP-adress, varigenom inloggningsf orf arande eller Inter- 
nettransaktioner kan begransas till en bestamd dator, 
utan att denna information finns tillganglig hos tjanste- 
leverantoren eller nagonstans pa Internet. 

Kort beskrivning av ritningarna 

Foreliggande uppf inning kommer i det foljande att 
beskrivas narmare under hanvisning till bifogade ritning- 
ar, vilka i exemplif ierande syfte visar foredragna utfo- 
ringsformer av uppf inningen . 

Fig la-b visar tva kodordsuppsattningar enligt upp- 
f inningen . 

Fig 2 visar en mobiltelefon enligt uppf inningen . 

Fig 3 visar en databas enligt uppf inningen . 

Fig 4 visar hur kodordsuppsattningar enligt fig 1 
framtages och lagras. 

Fig 5a-e visar fern foredragna utf oringsf ormer av me- 
toden enligt uppf inningen . 

Fig 6 visar en mer detaljerad illustration av meto- 
den enligt uppf inningen . 

Beskrivning av foredragna utf oringsf ormer 
I fig la-b visas tva exempel pk en kodordsuppsatt - 
ning 1, som bestar av ett flertal koder 2 i form av fyr- 
eller sexstalliga sif f erkombinationer . Dessa sifferkombi- 
nationer ar helt slumpmassigt framtagna, och uppvisar 
inget harledbart samband, vare sig avseende sammansatt- 
ning eller ordningsf 61 j d . Koderna kan vara ordnade i 
grupper 3, med tva eller flera koder 2 i varje grupp. 
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Eftersom varje kod i sig ar helt oberoende av de 6v- 
riga finns inget hinder mot att en sif f erkombi nation fo- 
rekommer flera ganger i samma uppsattning, eller till och 
med i samma grupp . 



tet 4, som direkt eller indirekt ar forknippad med ett 
mobi 1 t e 1 eabonnemang . I det visade exemplet utgors identi- 
teten av ett mobiltelef onnummer 5. 

Mobiltelef onen 10 som schematiskt visas i fig 2 har 

10 pa kant vis en knappsats 11, en display 12, samt en mott- 
agare/sandare 13. Mobiltelef onen har vidare en minnes- 
krets 15, exempelvis ett SIM-kort eller motsvarande 
smart-card, vilken innehaller information 16 om mobilte- 
leabonnemanget . Exempelvis kan ett SIM-kort innehalla in- 

15 formation om abonnemangets telef onnummer , och om hur 

mycket kredit som aterstar pk agarens konto hos mobil- 
tjanstleverantoren. Minneskretsen 15 ar vidare enligt 
uppfinningen forsedd med den kodordsuppsattning 17 som ar 
associerad med abonnemanget . 

2 0 SIM-kortet kan forses med ett abonnemangs- ID och en 

kodordsuppsattning innan det ' levereras till en aterfor- 
saljare under noggrann sekretess, exempelvis genom nagon 
form av sigillf orslutning . Anvandaren som koper eller pa 
annat satt kommer over SIM-kortet kontrollerar att sigil- 
25 let inte ar brutet och anordnar darefter SIM-kortet i sin 
mobiltelef on for att kunna anvanda denna . 

Den i fig 2 visade mobiltelef onen ar vidare forsedd 
med organ, exempelvis en mjukvara 18, for att fran min- 
neskretsen 15 utvinna ett kodord fran kodordsuppsattning- 

3 0 en 17, och sanda detta medelst mobiltelekommunikation, 

exempelvis i ett SMS-meddelande . En mjukvara med denna 
f unktionalitet kan utvecklas av en fackman p& omradet . 
Mjukvaran 18 kan ocksa overfora ett kodord via en 
kommunikationsport 19, sasom en seriell eller parallell 
3 5 dataoverforingsport , eller infrarod port. Vidare kan ett 
utvunnet kodord visas pk displayen 12 . 
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Kodordsuppsattningen 1 ar associerad med en identi- 



PCT/SE00/01842 
22.09.2000 

12 

Mjukvaran 18 ar vidare anordnad att motta ett kodord 
och jamfora kodordet med kodordsuppsattningen i minnes- 
kretsen. Kodordet kan inmatas medelst knappsatsen 11, el- 
ler ocksa mottas medelst mobiltelekommunikat ion direkt 
5 till mobiltelef onens mottagare 13, exempelvis genom att 
mobiltelef onen mottar ett SMS-meddelande . 

Det ar lampligt att mobiltelef onen kan forsattas i 
ett sov-lage, dar inga telef onsamtal tas emot, men dar 
SMS-meddelanden kan mottas och sandas . Denna funktion kan 

10 utvecklas av en fackman pa omradet . 

I databasen 21, som visas i fig 3, ar ett flertal 
kodordsuppsattningar 22 lagrade, vilka vardera har en 
identitet 23 som ar associerad till ett mobilteleabonne- 
mang, vars motsvarande SIM-kort innef attar en identisk 

15 kodordsuppsattning . 

Varje uppsattning 22 kan vidare vara kopplad till en 
eller flera posit ionsangivelser 24. Positionsangivelserna 
kan exempelvis vara stallen pa vilka bestallaren angivit 
att han vill kunna utfora en viss typ av bestallningar . 

2 0 Databasen 21 ar vidare forsedd med kommunikat ionsor- 

gan 25 for att motta en forfragan, samt meddela resulta- 
tet av verif ikationen. Exempelvis kan kommunikat ionsorga- 
net 2 5 utgoras av ett modem som ar anordnat att kommuni- 
cera med tj ansteleverantoren, till exempel att motta ett 

25 kodord och en identitet fran tj ansteleverantoren, samt 

att skicka en bekraftelse till tj ansteleverantoren om att 
uppdraget ar verif ierat . Kommunikat ionsorganet 25 kan 
ocksa vara anordnat att over mobiltelenatet , exempelvis 
via SMS-meddelanden, kommunicera med mobiltelef onen . 

30 Vidare ar databasen 21 forsedd med organ, foretra- 

desvis mjukvara 26, som ar anordnad att utfora sokningar 
i databasen och att exempelvis verifiera att ett bestamt 
kodord aterfinns i den kodordsuppsattning 22 i databasen 
som ar associerad en bestamd identitet 23 . 

35 i fig 4 illustreras hur kodordsuppsattningar 1 bil- 

das och lagras. 
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I ett helt fristaende datorsystem slumpas sifferkom- 
binationer fram enligt algoritmer som inte kan forutsagas 
utifran (steg 31) . Detta sakerstaller att ingen kan for- 
utse vilka kodord som ingar i en bestamd kodordsuppsatt- 
5 ning, och kan enkelt astadkommas av en fackman pa omri- 
det. Sif f erkombinationerna grupperas i grupper och upp- 
sattningar (steg 32) , enligt algoritmer som i sig kan 
tillatas vara kanda utanfor datorsystemet . Datorsystemet 
tillfors vidare en serie mobiltelef onnummer , vilka till- 
10 handahalls av en mobiltelet j anstleverantor , och associe- 
rar varje kodordsuppsattning med ett telef onnummer (steg 
33) . 

Darefter distribueras uppsattningarna (steg 34) till 
foretag som forser SIM-korten med information, dar varje 

15 kodordsuppsattning lagras pa ett SIM-kort (steg 3 5) som 
antingen fore eller efter lagringen har tilldelats det 
mobiltelenummer som uppsattningen ar associerad till. 

Vidare distribueras (steg 34) uppsattningarna till 
databases dar de ocksa lagras (steg 36) . Uppsattningarna 

2 0 kan lagras pa atkomstskyddade informationsbarare, exem- 
pelvis kodade och sigillf orslutna CD-skivor, vilka dis- 
tribueras pa sakert satt, exempelvis med kurir. Om dator- 
systemet som bildar uppsattningarna ar anslutet till da- 
tabasen, kan denna del av distribut ionen ske pa saker 

25 elektronisk vag. 

I fig 5a - e illustreras oversiktligt fern olika 
varianter av hur verif ikationen av ett uppdrag fran en 
bestallare 41 till en t j ansteleverantor 42 gar till en- 
ligt uppf inningen. I samtliga fall har bestallaren 41 en 

30 mobiltelefon 10 enligt fig 2._ 

Enligt metoden i fig 5a uppger bestallaren forst sin 
identitet 43 till t j ansteleverantoren 42. Detta sker nor- 
malt i samband med bestallningen av uppdraget , da bestal- 
laren exempelvis uppger ett anvandar-ID, ett kontokorts- 

35 nummer eller annan information som for tj ansteleveranto- 
ren identifierar bestallaren. 
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Tjansteleverantoren har kannedom om vilka kunder som 
ar anslutna till systemet enligt uppf inningen, och har 
mojlighet att associera ett mobilteleabonnemang till kun- 
dens identitet. Tjansteleverantoren 42 skickar en forfra- 
5 gan 44 till databasen 21, och overfor mobilteleabonne- 
mangets identitet 23, vanligen i form av ett mobiltele- 
nummer, men eventuellt i form av ett annan identif ikation 
som ar associerad med mobilteleabonnemanget , till databa- 
sen 21. Naturligtvis kan istallet bestallarens identitet 

10 43 overforas till databasen 21, och det aktuella mobilte- 
leabonnemanget identif ieras av databasen. 

Databasen skickar darefter en begaran 45 via telena- 
tet till mobiltelef onen 10, exempelvis medelst ett SMS- 
meddelande eller liknande. Meddelandet 45 innehaller in- 

15 formation om bestallningen, som visas i displayen 12, sa 
att bestallaren kan kontrollera att bestallningen ar rik- 
tig. Om sa ar fallet kan bestallaren bekrafta pa lampligt 
satt, exempelvis med en dubbel knapptryckning pa bestamd 
knapp i knapsatsen 11. Exempelvis kan bestallaren till 

2 0 sin mobiltelef on fa ett meddelande av typen "Kortkop $35 

pa BurgerKing. Tryck OK for att bekrafta", eller "Du log- 
gar nu in pa din arbetsplats. Tryck OK for att bekraf ta" . 
Bestallaren trycker da pa OK-knappen. En ytterligare be- 
kraf telse av typen "Ar du saker J/N" kan vara lamplig, 
25 som en extra kontroll . Mjukvaran 18 i mobiltelef onen ham- 
tar dk frkn SIM-kortet 15 nasta, annu inte anvanda kod 
46, och skickar denna fran mobiltelef onen 10 till databa- 
sen 21. Samtidigt markeras det skickade kodordet som an- 
vant pa SIM-kortet. Begaran 45 fran databasen kan ocksS 

3 0 innehalla ett kodord (ej visat) , som av mobiltelef onens 

mjukvara 18 kontrolleras mot SIM-kortets 15 kodordsupp- 
sattning 17. 

En annan mojlighet ar att databasen 21 kontaktar 
tjansteleverantoren 42, som i sin tur begar ett kodord 
35 fran bestallaren och returnerar detta till databasen 21. 

Nar databasen 21 far kodordet. 4 6 kan det jamforas 
med den uppsattning 22 som ar associerad till mobiltele- 
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abonnemanget . Om kontrollen misslyckas, exempelvis bero- 
ende pa att koden inte aterfinns i kodordsuppsattningen i 
databasen som ar associerad till mobiltelef onnumret , 
overfors information om detta till tjansteleverantoren, 
5 som kan vagra utfora tjansten, exempelvis vagra tilltrade 
till ett datorsystem eller stoppa en transaktion. Om kon- 
trollen daremot ar positiv, dvs den angivna koden ar kor- 
rekt, overfors ett klartecken 47 till tj ansteleverantoren 
42, som da kan utfora tjansten. Samtidigt markeras det 

10 mottagna kodordet som anvant . 

Enligt metoden som visas i fig 5b uppger bestallaren 
41 ett kodord 46 i samband med att bestallaren uppger sin 
identitet 43 enligt ovan. Bestallaren 41 kan exempelvis 
lasa av ett kodord 46 fran mobiltelef onens 10 display 12, 

15 och overfora det till tj ansteleverantoren 42. Alternativt 
kan en dataoverf oringsport 19 hos mobiltelef onen anvandas 
for att overfora ett kodord till tj ansteleverantoren. 

Tj ansteleverantoren skickar darefter en forfragan 44 
till databasen 21, och overfor forutom identiteten enligt 

20 ovan, aven kodordet 46. Databasen 21 kontrollerar kodor- 
det enligt ovan, och skickar ett klartecken 47 till 
t j ansteleverantoren 42 . 

Metoden som visas i fig 5c ar egentligen en kombina- 
tion av de tva tidigare metoderna. Bestallaren 41 uppger 

25 forst ett kodord 46' i samband med bestallningen enligt 
fig 5b, och mottar darefter en begaran 45 om ytterligare 
ett kodord 46'' enligt fig 5a. 

For att ytterligare oka sakerheten kan mjukvaran 18 
vara anordnad att vid vissa uppdrag, exempelvis kop over 

3 0 ett visst belopp, begara anvandarens PIN-kod for att ut- 
vinna och sanda kodordet . Detta innebar att en bedragare 
som kommit over en paslagen mobiltelef on anda ar tvungen 
att kanna till agarens PIN-kod. 

De i databasen lagrade posit ionsangivelserna kan 

35 ocksa utnyttjas for att hoja sakerheten. Den basstation 
som mobiltelef onen kommunicerar via kan relativt enkelt 
identif ieras, och en jamforelse med de lagrade positions- 
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angivelserna kan utforas. Det kan ocksl vara mojligt att 
i mobiltelefonen innefatta en GPS-navigator eller liknan- 
de # varvid mobiltelefonen kan kommunicera sin position 
mycket noggrant . Positionskontrollen skulle harvid kunna 
ske i tva steg, forst grovt, med avseende pa basstation, 
och sedan mer noggrant, med avseende pk longitud och la- 
titud. 

Metoden som visas i fig 5d kan ses som en variant av 
metoden som visas i fig 5b. Databasen 21' ags har av 
t jansteleverantoren 42, varvid n&gon extern kommunikation 
ej behover ske fran t j ansteleverantoren 42. Databasen 21 9 
kan vara en delmangd av en storre databas 21. Denna metod 
kan exempelvis anvandas nar en person ska ges tilltrade 
till ett skyddsob j ekt , sasom en bil. Bilen har en databas 
21' med ett antal kodord, och en anvandare kan enkelt 
identifieras med hjalp av sin mobiltelef on . 

Metoden som visas i fig 5e ar snarlik metoden enligt 
fig 5b, men kontrollen mot databasen 21 sker forst efter 
en tidsf ordrojning 48. Om mobilabonnemanget inte klarar 
kreditkontroll och ID-kontroll sparras mobiltelefonen i 
t jansteleverantorens system. Exempel pa anvandning av 
denna metod ar betalning av kollektivtraf ikavgif ter , el- 
ler parkeringsavgif ter . 

Ytterligare varianter och kombinationer av dessa me- 
toder kan forekomma inom ramen for uppf inningen . Antalet 
kodord som utbyts mellan mobiltelefonen och databasen kan 
variera beroende pa den onskade sakerheten. 

I det foljande ges nigra exempel pa situationer da 
en verif ikat ionsmetod enligt uppfinningen ar speciellt 
lamplig . 

Restauranq 

En gast som atit pa en restaurang bestaller av sitt 
kontokortsforetag eller liknande tjansten att betala re- 
staurangnotan med medel som finns pa gastens eget konto 
eller pa kontokortsf oretagets konto (kreditkort) . Kortfo- 
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retaget ar saledes tjansteleverantor, och gasten ar be- 
stallare . 

Pa kant vis hanteras kontokortet av restaurangperso- 
nalen, for att verifiera kortets nummer, dess giltighet, 
5 att medel finns pa kontot , att kortet inte ar sparrat 

etc. Kortf oretaget far pa detta satt kannedom om bestal- 
larens identitet, exempelvis genom det unika kortnumret . 
Enligt en vanligt f orekommande teknik dras kortet i en 
kortterminal , som via modem kontaktar kortf oretaget och 
10 kontrollerar transakt ionen . 

Kortf oretaget har i ett register information om att 
bestallaren ar ansluten till systemet enligt uppfinning- 
en, och identifierar mob i 1 1 e 1 e abonnemange t s telefonnum- 
mer. Detta skickas till databasen, vilken darefter kon- 
15 taktar mobiltelef onen via telenatet och mottar ett kodord 
(fig 5a) . 

Alternativt anvander bestallaren sin mobiltelefon 
for att i samband med bestallningen uppge ett kodord (fig 
5b) . Kodordet kan overlamnas till restaurangpersonalen, 
2 0 som via kortterminalen kontaktar kortf oretaget och 

overfor koden, eller ocksa overforas fran mobiltelef onen 
till kortterminalen genom nagon form av kommunikationsor- 
gan, exempelvis en IR-port . 

Nar kodordet verifierats av kortf oretaget skickas 
25 ett klartecken 47 till restaurangen, varvid ett kvitto 
skrivs ut . 

Internet transakt ion 

Forfarandet ar snarlikt nar en datoranvandare vill 
gora en transaktion pa Internet eller liknande, exempel- 

30 vis gora en girering fran ett _av sina bankkonton, eller 

handla med ett kontokort . Datoranvandaren ar da bestalla- 
re av en tjanst i form av en transaktion. Tjansteleveran- 
toren kan vara ett kortf oretag enligt ovan eller bestal- 
larens egen bank. 

35 Bestallarens identitet overfors i detta fall genom 

en inmatning av exempelvis ett personnummer och tillho- 
rande losenord eller ett kontokort snummer eller liknande. 
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En sadan inmatning kan ske i en skarmbild pa en WWW-sida, 
varefter sidans inneh&ll med en knapptryckning skickas 
till sidans innehavare . 

Om ett forfarande enligt fig 5a anvands blir forlop- 
pet identiskt med det ovan beskrivna exemplet, och be- 
stallaren far inom nagon minut ett SMS-meddelande till 
sin mobiltelef on, och kan bekrafta bestallningen genom 
lampliga knapptryckningar . Om ett forfarande enligt fig 
5b utnyttjas, dar bestallaren laser av ett kodord fr&n 
mobiltelef onens display, kan kodordet overforas pa samma 
satt som identiteten, antingen pa samma WWW-sida eller 
vid en ef terf 61 j ande sida, som dyker upp sk snart identi- 
teten godkants. 

Inloagning/inpasserina 

Ytterligare en t j anstekategori som lampar sig for 
verifikation enligt uppfinningen ar inloggning i ett da- 
torsystem. Bestallaren ar da personen som vill atkomma 
systemet, tjansten ^r att slappa in personen i datorsy- 
stemet eller liknande, och t j ansteleverantoren ar det fo- 
retag eller datorsystem som ar ansvarigt for sakerheten. 

Bestallaren anger sin identitet vid en inloggning 
enligt kand teknik, och uppger darvid exempelvis ett an- 
vandar-ID med losenord. Darefter kan tj ansteleverantoren 
kontakta databasen som begar ett kodord direkt fr&n mo- 
biltelef onen enligt fig 5a. Alternativt kan bestallaren 
enligt fig 5b ges mojlighet att via tangentbordet ange en 
kod som avlasts ur mobiltelef onens display. 

Vid fysisk inpassering till en lokal eller ett omra- 
de blir situationen snarlik den vid inloggning. Exempel- 
vis kan da bestallarens identitet anges genom att dra ett 
passerskort eller slk en kod pa ett portlas. 

Exempel pa detain erad handelsekedi a vid be talning 
med kontokort 

Nedan gors, med hanvisning till fig 6, en mer detal- 
jerad beskrivning av en tankbar kedja av handelser for 
att en legitim bestallare skall kunna utfora ett uppdrag 
med mycket hog sakerhet . Om uppdraget inte har sa hog sa- 
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kerhetsklassning kan vissa moment uteslutas ur handelse- 
kedjan. Det ar lampligen t j ansteleverantorens dator som 
avgor vilken sakerhetsklass som uppdraget skall ha och om 
dricks ska lamnas till f orsalj ningsstallet . Darmed styrs 
5 resten av handelsekedj an baserat pa sakerhetsklass och om 
dricks ska lamnas eller ej . 

a) Bestallaren 41 lamnar if ran sig ett kontokort 51. 

b) Kontokortet dras i kortterminalen 52 och 
betalningsbeloppet (inklusive eventuella garderobsav- 

10 gifter mm) matas in i terminalen. Terminalen 52 genererar 
ett meddelande om onskad betalning som bl . a . innehaller 
kortnummer, kortterminalens nummer och betalningsbelop- 
pet . 

c) Kortterminalen skickar det i (b) genererade med- 
15 delandet till kontokortf oretagets dator ( tj ansteleveran- 

toren 42) . 

d) Kontokortf oretagets dator kreditprovar 
transaktionen och om denna provning faller val ut sk ge- 
nererar datorn ett meddelande om transaktionen ( sal j are 

2 0 och belopp mm) , uppdragsnummer , uppdraget s sakerhets- 
klass, om "dricks" forekommer samt kontokort innehavarens 
mobiltelef onnummer . 

e) Kontokortf oretagets dator skickar det meddelande 
som genererats i (d) till databasen 21. 

2 5 f) Databasen 21 plockar fram nasta oanvanda kodord, 

kollar med aktuell mobiloperator 54 om mobilen ar pa en 
tillaten plats och genererar ett meddelande med begaran 
om bekraftelse av uppdraget. I meddelandet ingar bl.a. 
sal j are, belopp, uppdragsnummer, sakerhetsklass, om 

3 0 dricks forvantas och nasta oforbrukade kodord (5763 62) . 

g) Databasen 21 skickar det meddelande som genere- 
rats i (f) till bestallarens mobil 10. 

h) Mobilen kollar vilken sakerhetsklass som galler 
och om dricks forekommer. Baserat pa detta valjer mobilen 

35 vilken rutin som skall verkstallas. Mobilen lagger upp 

forfragan pa displayen och ber om bekraftelse. Bestalla- 
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ren trycker pa bekrafta. Om det ar en hog sakerhetsklass 
begar mobilen att bestallaren trycker in PIN-koden eller 
ett motsvarande losenord som bara bestallaren har i sitt 
huvud. Om det ar ett saljstalle (exempelvis restaurant) 
5 som tillampar dricks, kommer det en fraga pa mobilens 
display om beloppet skall hojas och da kan bestallaren 
mata in ett nytt hogre belopp. Mobilen ber bestallaren 
att ater bekrafta och om bestallaren pa nytt bekraftar sa 
genereras antingen ett eller tva meddelanden beroende pa 

10 sakerhetsklass. Bada meddelandena innehaller bl.a. mobil- 
telef onnummer , uppdragsnummer , sal j are, belopp, slutligt 
belopp (om dricks) det forsta oforbrukade kodordet 
(576362) och nasta oforbrukade kodord (805209) och om mo- 
biltelefonen har inbyggd GPS-mottagare sa bifogas aven 

15 GPS-koordinaterna . Mobilen noterar de bada kodorden som 
forbrukade. Hela detta steg (h) hanteras av mjukvaran 18 
i mobiltelef onen 10, vilken kan utvecklas av en fackman 
pk omradet . 

i) Mobilen 10 sander det i (h) genererade meddelan- 
20 det till databasen 21. 

j) Mobilen 10 sander det i (h) genererade meddelan- 
det till kontokortf oretagets dator 42. 

k) Databasen 21 kontrollerar meddelandet fran mobi- 
len och om bada kodorden ar korrekta genereras ett ID- 
25 bekraftelsemeddelande i vilket bl.a de bada kodorden in- 
gar och de bada kodorden noteras som forbrukade . 

1) Databasen 21 sander det i (k) genererade ID- 
bekraf telsemeddelandet till kontokortf oretagets dator 42. 
m) Kontokortforetagets dator kontrollerar meddelan- 
30 det fran mobilen (j) och ID-bekraf telsemeddelandet fran 
databasen (1) och gor lampliga j amf orelser . Om allt 
faller val ut sli genereras en skrivorder som innehaller 
lampliga uppgifter exempelvis sal j are, kopare, belopp, 
kontokortsnummer , uppdragsnummer , datum, klocka och veri- 
35 f ikationsnummer . 

n) Skrivorden overfores till kortterminalen 52. 
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o) Kortterminalen skriver ut transaktionskvittot 53. 

p) Bestallaren far tillbaka kontokortet 51 och 
skriver under transaktionskvittot 53 och tar kopian medan 
saljaren behaller originalet . 



Foljande ar vad bestallaren upplever av ovanstaende 
handel seked j a . 

• Bestallaren lamnar sitt kontokort som vanligt. 

• Bestallaren far upp betalningen p& sin mobiltele- 
10 fondisplay inom nagon minut och bekraftar uppdraget genom 

tva knapptryckningar . Vid stora uppdrag (hog sakerhets- 
klass) far bestallaren mellan den forsta och andra be- 
kraftelsen, mata in PIN-koden eller annat liknande 16- 
senord och eventuellt justerar upp beloppet, d.v.s. ger 
15 dricks. 

• Bestallaren far skriva under transaktionskvittot 
och ta kopian som vanligt. 

Tillkommande moment: Bestallaren bekraftar genom tva 
knapptryckningar betalningen plus matar eventuellt in 

2 0 PIN-kod och hojer beloppet om dricks ska ges. 

Moment som forsvinner: Bestallaren slipper att visa 
legitimation. 

Foljande ar vad saljaren upplever av ovanstaende 
handel seked j a . 

25 • Saljaren tar kontokortet och drar detta genom 

kortterminalens lasare som vanligt. 

• Saljaren matar in beloppet via kortterminalen som 
vanligt. 

• Saljaren river av transaktionskvittot som vanligt. 
30 • Saljaren tillser att bestallaren skriver under 

transaktionskvittot och tar originalet som vanligt. 
Tillkommande moment: Inga 

Moment som forsvinner: Sal j are slipper begara legi- 
timation, kontrollera legitimation och skriva legitima- 

3 5 tionsnummer. 



5 



Tankbara varianter pa stallen dar betal ningen m&ste 
ske snabbt 
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Man kan exempelvis vid betalning av mindre belopp i 
affar, kiosk, bensinstation mm tanka sig att bekraf telsen 
inte sker over mobilnatet, eftersom detta kan ta nagon 
minut extra. Istallet kan exempelvis mobiltelef onens inf- 
5 raroda dataoverf oringsport 19 anvandas . I detta fall ut- 
rustas ocksli kortterminalen med en motsvarande 
kommunikationsport (ej visad) och programvara, samt en 
display om inte kassaapparaten redan har en display 
riktad mot kundsidan. Kommunikationsporten sitter 

10 lampligen i displayenheten eller nara denna . 

For denna utf orandef orm drar saljaren bestallarens 
kontokort och matar in beloppet eller far det 
direktoverf ort fran exempelvis den bensinpump som bestal- 
laren just anvant d.v.s. som det fungerar idag. Nar detta 

15 ar klart visas beloppet pa ovan namnda display, vilken 
ocksa uppmanar bestallaren att exempelvis "Bekrafta be- 
talningen med din mobil" . Bestallaren riktar sin mobil 
mot displayen och mottar exempelvis bensinstat ionens namn 
och det aktuella beloppet. Genom tva bekraf telsetryck- 

2 0 ningar pa mobilen sa overfores det forsta oanvanda kodor- 

det till kortterminalen och displayen kan exempelvis visa 
"Losenord mottagits" . Darefter fungerar allt som idag. 

Man kan saga att mobilen ersatter den kontrollknapp- 
sats som ar vanlig pa manga bensinstationer i atminstone 
25 Sverige. N&gon som star bredvid kan emellertid se vilken 
kod som slas in aven om det finns ett skydd som skall 
gora det sv&rare att se . Om den som just slog in sin kon- 
trollkod skulle glomma sitt kort pk disken foreligger en 
frestelse for en oarlig person. En sadan person skulle 

3 0 kunna lagga handen over den fqrra kundens kontokort och 

lata det glida ner i fickan. Den oarlige personen skulle 
sedan kunna tanka upp exempelvis familjens bilar innan 
kortets riktiga agare nagon vecka senare skall tanka sin 
bil pa nytt och marker att kontokortet ar borta. 
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Uppfinningen innebar ju att ett kodord aldrig an- 
vands mer an en gang och for ovrigt ar det normal t ingen, 
varken bestallaren eller annan, som ser nagra kodord over 
huvud taget . 



Avslutnina 

Det inses att en mangd varianter av de ovan beskriv- 
na utf oringsf ormerna ar mojliga inom ramen for de bifoga- 
de patentkraven. Exempelvis kan ett stort antal alterna- 
10 tiva verif ikationsf orf arande genomforas med ett system 

enligt uppfinningen. Pa samma satt kan annorlunda utrust- 
ning an den har beskrivna anvandas for att verkstalla me- 
toden enligt uppfinningen. 



5 
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PATENTKRAV 



1. Metod att verifiera uppdrag fran en bestallare 
(41) till en t j ansteleverantor (42) , innefattande stegen 
5 att bilda ett flertal uppsattningar (1) slumpmassigt 

framtagna kodord (2) , 

att lagra en av namnda flertal kodordsuppsattningar 
(1) i en till ett mobilteleabonnemang associerad minnes- 
krets (15) i en mobiltelef on (10) , 
10 att lagra en identisk kodordsuppsattning (1) i en 

databas (21) tillsammans med en association till namnda 
mob i 1 1 e 1 e abonnemang , och 

att vid bestallningstillfallet identifiera namnda 
mobilteleabonnemang, utvinna atminstone ett kodord (46) 
15 ur minneskretsen och kontrollera att kodordet forekommer 
i den kodordsuppsattning (1) i databasen som ar associe- 
rad till namnda mobilteleabonnemang, for att darigenom 
verifiera uppdraget . 

2 0 2. Metod enligt krav 1, varvid kodordet utvinns 

fran minneskretsen (15) enligt en forutbestamd ordning, 
vilken ordning ar kand av databasen. 

3. Metod enligt krav 2, vidare innefattande steget 
25 att i atminstone den ena av minneskretsen (15) och data- 
basen (21) markera nar ett kodord (46) har anvants, var- 
igenom sakerstalls att namnda f orutbestamda ordning 
f 61 j s . 

3 0 4. Metod enligt nagot av foreg&ende krav, varvid 

steget att identifiera mobilteleabonnemanget innefattar 
stegen 

att bestamma bestallarens identitet, och 
att utifran bestallarens identitet identifiera mo- 
35 bilteleabonnemanget . 
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5. Me tod enligt nagot av foregaende krav, varvid 
en begaran (45) att uppge ett kodord skickas till bestal- 
laren . 
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6. Metod enligt krav 5, varvid begaran (4 5) skick- 
as till mobiltelef onen (10) via telenatet. 

7. Metod enligt krav 5 eller 6, varvid kodordet 
overfors fran mobiltelef onen (10) till databasen (21) via 
telenatet . 

8. Metod enligt krav 1-3, varvid 

bestallarens identitet (43) och det ur minneskretsen 
utvunna kodordet (46) overfors till tj ansteleverantoren 
(42) , 

mobilteleabonnemanget som ar associerat till bestal- 
laren identifieras av tj ansteleverantoren, och 

kodordet (4 6) och mobilteleabonnemangets identitet 
(23) overfors till databasen av tj ansteleverantoren . 

9. Metod enligt nagot av foregaende krav, varvid 
ett andra kodord (46'') utvinns fran minneskretsen (15) 
och overfors till databasen (21) , for att ytterligare ve- 
rifiera uppdraget . 

10. Metod enligt krav 9, varvid kodorden i uppsatt- 
ningen ar associerade till varandra i grupper (3) , och 
namnda forsta (46') och andra (46'') kodord ingar i samma 
grupp kodord . 

11. Metod enligt krav 9-10, varvid namnda forsta 
kodord (46') overfors fr&n bestallaren (41) till databa- 
sen (21) , databasen skickar en begaran (45) till bestal- 
laren att uppge namnda andra kodord (46''), varvid namnda 
andra kodord overfors fran bestallaren till databasen 
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12. Metod enligt n&got av foregaende krav, vidare 
innefattande stegen 

att till mobilteleabonnemanget associera och i data- 
basen (21) lagra itminstone en positionsangivelse (24) , 

att vid varje bestallningstillf alle bestamma var 
minneskretsen (15) ar lokaliserad, och kontrollera den 
salunda erhallna posit ionsangivelsen med namnda, i data- 
basen lagrade positionsangivelse (24) . 

13. Metod att verifiera ett uppdrag fran en bestal- 
lare till en tjansteleverantor, varvid en uppsattning (1) 
slumpmassigt framtagna kodord (2) har lagrats i en till 
ett mobilteleabonnemang associerad minneskrets (15) i en 
mobiltelefon (10) samt i en databas (21) tillsammans med 
en association (23) till namnda mobilteleabonnemang, in- 
nefattande stegen 

att bestamma bestallarens identitet (43) , 
utifran bestallarens identitet identifiera mobilte- 
leabonnemanget , 

att utvinna ett kodord (46) ur minneskretsen, och 
att kontrollera att namnda kodord forekommer i den 
kodordsuppsattning (22) i databasen (21) som ar associe- 
rad till namnda mobilteleabonnemang, for att darigenom 
verifiera uppdraget . 

14. System for verifiering av ett uppdrag fr&n en 
bestallare (41) till en t j ansteleverantor (42) , innefat- 
tande 

en mobiltelefon (10) med en till ett mobilteleabon- 
nemang associerad minneskrets _ (15) , 

organ for att lata bestallaren till t j ansteleveran- 
toren uppge sin identitet (43) , 

kannetecknat av att systemet vidare innef attar 
en databas (21) , 

en uppsattning (1) slumpmassigt framtagna kodord 
(2) , vilken uppsattning for det forsta ar lagrad i min- 
neskretsen (15) , och for det andra ar lagrad i databasen 
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(21) och dar ar forknippad med mobilteleabonnemanget, 

organ for att utifran bestallarens identitet (43) 
identif iera mobilteleabonnemanget , 

organ for att lata bestallaren (41) utvinna ett kod- 
5 ord ur minneskretsen (15) , och overfora namnda kodord 
till databasen (21) , och 

kontrollorgan (25, 26) for kontrollera att namnda 
kodord forekommer i den kodordsuppsattning (22) i databa- 
sen som ar associerad till namnda mobilteleabonnemang, 
10 for att darigenom verifiera uppdraget . 

15. System enligt krav 14, varvid kontrollorganet 
innefattar ett kommunikationsorgan (25) for att kommuni- 
cera mellan databasen (21) och mobiltelef onen (10) . 
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SAMMANDRAG 



Uppfinningen avser en metod och ett system for att 
verifiers ett uppdrag fran en bestallare (41) till en 
5 t jansteleverantor (42) , varvid en uppsattning slumpmas- 
sigt framtagna kodord har lagrats i en till ett mobilte- 
leabonnemang associerad minneskrets i en mobiltelefon 
(10) samt i en databas (21) tillsammans med en associa- 
tion till namnda mobi 1 1 e leabonnemang . Metoden innef attar 

10 stegen att bestamma bestallarens identitet (43) , att ut- 
ifran bestallarens identitet identifiera mobilteleabonne- 
manget, att utvinna ett kodord (4 6) ur minneskretsen, och 
att kontrollera att namnda kodord forekommer i den kod- 
ordsuppsattning i databasen (21) som ar associerad till 

15 namnda mobilteleabonnemang, for att darigenom verifiera 
uppdraget . 

Publ. bild = fig 5a 
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